defirisk.co
rubric v1.7.0

Role separation: upgrade ≠ fee ≠ oracle

Superstate's assessment for RD-F-035 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

All privileged functions - mint, adminBurn, setOracle, setRedemptionContract, setStablecoinConfig, upgrade - are controlled by a single owner address per token (0xad309BB6... for USTB, 0x8abC89D9... for USCC). No role separation exists. Ownable2StepUpgradeable pattern is used without AccessControl multi-role. renounceOwnership() is explicitly reverted in the contract, preventing any future role removal.

Sources #

  • GitHub
    SuperstateToken.sol - Single Owner RoleSuperstateToken.sol: all admin functions use _checkOwner(); Ownable2StepUpgradeable; renounceOwnership() reverts; no AccessControl or role separationretrieved 2026-05-16

Methodology #

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol superstate factor RD-F-035 score red collected_at 2026-05-16 00:06:37