defirisk.co
rubric v1.7.0

Timelock on sensitive actions

Uniswap (v2 + v3)'s assessment for RD-F-033 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V2: no sensitive actions exist (immutable). V3: all sensitive actions route through Timelock. No bypass path exists for mint, fee switch, or enableFeeAmount. Core pools are immutable — no pause or upgrade action exists. Combined: green.

Detail #

V3 Factory: enableFeeAmount() requires msg.sender == owner (= Timelock). setOwner() requires msg.sender == owner (= Timelock). V3FeeAdapter: feeSetter = Timelock. No rescue/emergency function on any contract. No oracle-setting function (V3 core does not consume external oracle). GovernorBravo admin = Timelock — no action bypasses it.

Sources #

  • Etherscan
    Uniswap Timelock sourceTimelock source: executeTransaction — all admin actions route hereretrieved 2026-05-12
  • GitHub
    UniswapV3Factory sourceUniswapV3Factory.sol: enableFeeAmount requires msg.sender == ownerretrieved 2026-04-29

Methodology #

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-033 score green collected_at 2026-05-12 10:36:11