Upgrade multisig signer configuration (M/N)

Veda (BoringVault)'s assessment for RD-F-026 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[U18 RESOLVED — previously gray] TimelockController's sole proposer/executor is Gnosis Safe 0xD6E47E0F34ECc031E676254fd8b0E61b656a15a5 (Safe 1.4.1, created Dec 18 2025). Threshold = 3, owner_count = 5. Owners: 0xeC20A9462f7EdEc370AaD7c77bc999e054Ac4ba0, 0x6B3595C9A9262307075bA4a90EF6854a4802aC16, 0x162B522c4c8C4e246aebD23Ad236Da6831bB381a, 0x58a70365A6fD7A72172E2880Cb88CBcFcE2Db65d, 0x29d9dff059f3E321E1235ff74F3829Fa90D4eDd6. Signer identities not publicly attested to named individuals. Yellow: threshold and owners now known but identities unattested and no evidence of geographic/custody separation.

Sources #

Etherscan
Gnosis Safe 0xD6E47E0F — overviewSafe 0xD6E47E0F34ECc031E676254fd8b0E61b656a15a5 — SafeProxy 1.4.1, creation tx Dec 18 2025retrieved 2026-05-17
Tx
Safe Transaction Service mainnet — threshold and owners confirmed (U18)Safe Transaction Service mainnet API (safe-transaction-mainnet.safe.global): threshold=3, owner_count=5, 5 owner addresses confirmed for 0xD6E47E0F34ECc031E676254fd8b0E61b656a15a5retrieved 2026-05-17

Methodology #

Read `threshold` and `getOwners()` on the multisig controlling upgrade / sensitive ops. Store as `required` (M) and `total` (N); render as "M/N". For EOA admins record `required=1, total=1` (display "1/1"). Null when admin is immutable or full DAO with no fixed signer set.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-026 score yellow collected_at 2026-05-17 12:41:22