defirisk.co
rubric v1.7.0

Emergency-veto multisig present

Uniswap (v2 + v3)'s assessment for RD-F-040 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V2: not applicable (no governance). V3: no guardian or emergency-veto multisig exists. GovernorBravo cancel() is proposer-vote-based (not a guardian veto). No fast circuit-breaker. The 2-day Timelock window is the only post-vote defense. Combined: yellow.

Detail #

GovernorBravoDelegate: no guardian address defined. cancel() function exists but only cancellable if proposer's votes fall below proposalThreshold — a social/market mechanism, not an emergency veto. No address holds a dedicated cancel-role. GovernorAlpha.sol also lacks a guardian. Consequence: if a malicious proposal passes with sufficient votes, the only defense is the 2-day Timelock window during which community must notice and organize a response. Standard Compound Bravo limitation.

Sources #

  • GitHub
    GovernorAlpha sourceGovernorAlpha.sol: no guardian; cancel() is proposer-vote-based onlyretrieved 2026-04-29
  • GitHub
    GovernorBravoDelegate sourceGovernorBravoDelegate: cancel() function — no guardian address definedretrieved 2026-05-12

Methodology #

Determine whether an emergency-veto or guardian multisig exists with power to cancel malicious proposals before execution.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-040 score yellow collected_at 2026-05-12 10:36:11