★ Rescue/emergencyWithdraw without timelock

StakeWise v3's assessment for RD-F-041 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No dedicated rescue()/emergencyWithdraw() function in OsToken.sol or VaultsRegistry. However, the setController() function on OsToken (owner-only, no timelock) enables equivalent capability: the 4-of-7 Safe can grant itself temporary mint/burn controller authority in one transaction, demonstrated in the Nov 2025 Balancer recovery where osETH was burned from the hacker's wallet and minted to the DAO. Gated by 4-of-7 multisig but no timelock. Yellow (multisig-gated, no dedicated rescue function, but equivalent power exists).

Sources #

URL
Balancer hacker loses $20M — DL NewsDL News: DAO burned hacker tokens and minted equivalent — first emergency invocation of this power Nov 3 2025retrieved 2026-05-16
GitHub
OsToken.sol — GitHub stakewise/v3-coreOsToken.sol: setController() onlyOwner, no timelock guard; mint() callable by controllerretrieved 2026-05-16

Methodology #

Determine whether a `rescue(…)` or `emergencyWithdraw(…)` function exists callable by admin without a timelock delay on execution.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stakewise factor RD-F-041 score yellow collected_at 2026-05-16 01:03:28