defirisk.co
rubric v1.7.0

Admin EOA signing from new geography/device

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-107 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Signal requires single-EOA admin signing telemetry (geography/device fingerprint comparison vs prior history). Sushi's active admin is a 3-of-5 multisig (Ops Multisig: 0x19B3Eb3Af5D93b77a5619b047De0EED7115A19e7). Multisig transactions require off-chain signing by multiple parties; no single-EOA signing telemetry is observable or meaningful in this architecture. Signal is structurally inapplicable to a multisig admin pattern.

Sources #

  • Internal
    Sushi data cache — safe_multisigs (2026-05-16)00-data-cache.json safe_multisigs[0] — Ops Multisig 3-of-5; no single-EOA admin signing applicableretrieved 2026-05-16

Methodology #

Detect whether an admin/upgrader EOA signs from a geography or device fingerprint inconsistent with prior signing history.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-107 score not_applicable collected_at 2026-05-16 19:50:37