★ Sudden admin-rescue/ACL change without discussion
Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-123 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Two events assessed: (1) April 2024: Jared Grey 'directed the operations team to execute the YAY vote with the OPs wallet and its holdings' on the Labs/treasury restructuring proposal (Snapshot sushigov.eth), citing hostile takeover threat. The underlying proposal was publicly on Snapshot and forum-discussed, but the specific authorization for the ops multisig to cast governance votes using protocol-controlled SUSHI tokens was not preceded by a governance-forum motion authorizing that specific action. Community members explicitly stated they did not expect the core team's wallet would ever be used in governance voting. Allegations of new wallet creation to boost voting power also raised (Naim Boubziz claim). Rekt.news ('Something Smells Fishy') additionally documents the ops multisig withholding Merkel Distributor tokens for 10 months post-governance-vote. (2) October 2023: Sushi Labs became a private limited company with no public announcement at formation. These together constitute a
Sources #
- URLSushiSwap Community Cries Foul Over Vote to Centralize $53M TreasuryDecrypt Apr 2024 — Community cries foul over vote to centralize treasuryretrieved 2026-05-17
- SushiSwap Snapshot Governance Space sushigov.ethSnapshot sushigov.eth — Labs model proposal discussion (April 2024)retrieved 2026-05-17
- Sushi — Something Smells Fishy (rekt.news)rekt.news — Sushi Something Smells Fishy — ops multisig control findingsretrieved 2026-05-17
Methodology #
Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.
See the full factor methodology and distribution across all protocols →