Role separation: upgrade ≠ fee ≠ oracle

StakeWise v3's assessment for RD-F-035 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

All three roles (upgrade/admin, fee/collateral parameters via OsTokenConfig, oracle config via Keeper addOracles/removeOracles) route through the single DAO Treasury Safe 0x144a98cb1CdBb23610501fE6108858D9B7D24934. No distinct addresses for upgrade vs. fee vs. oracle roles.

Sources #

Internal
StakeWise profile §6 — role consolidation in Safe00-profile.md §6: VaultsRegistry owner = Safe; Keeper owner = Safe (addOracles/removeOracles); OsTokenConfig owned by Saferetrieved 2026-05-16
Etherscan
Keeper contract | EtherscanKeeper 0x6B5815467da09DaA7DC83Db21c9239d98Bb487b5 Ownable2Step, owner = DAO Saferetrieved 2026-05-16

Methodology #

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stakewise factor RD-F-035 score red collected_at 2026-05-16 01:03:28