★ Single admin EOA
Veda (BoringVault)'s assessment for RD-F-027 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
[U18 RE-CITED] Deployer EOA 0x0463e60c (ether.fi: Deployer 4) controlled RolesAuthority for ~24 months (Jun 2024–May 4 2026). Now transferred to TimelockController (minDelay=0) controlled by a verified 3-of-5 Gnosis Safe (U18 confirmed: threshold=3, owner_count=5). Single-key risk is eliminated by the 3-of-5 threshold. Not red because the 3-of-5 Safe provides genuine multisig protection (requires 3-of-5 signer coordination). Not green because: zero-delay timelock provides no exit-reaction window, and the 24-month historical EOA period is a material historical risk.
Sources
- TxTransferOwnership tx — governance change May 4 2026: tx 0xb19dec5edbadc94cb7e6aca07a7f138b6a623dc827585528c0ad4f7205114d4e — transferOwnership from EOA to TimelockController (retrieved 2026-05-17)
- Safe Transaction Service mainnet — 3-of-5 confirmed (U18): Safe Transaction Service mainnet API: Safe 0xD6E47E0F confirmed threshold=3, owner_count=5 — genuine 3-of-5 multisig (U18) (retrieved 2026-05-17)
- ether.fi Deployer 4 — tx history showing admin control period: Deployer 0x0463e60c setUserRole calls through Jan 2026; transferOwnership May 4 2026 to TimelockController (retrieved 2026-05-17)
Methodology
Determine whether the effective upgrade/owner/rescue role is held by a single EOA (not a multisig) with no timelock on sensitive operations.