Timelock duration on upgrades

Veda (BoringVault)'s assessment for RD-F-032 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

TimelockController 0x80Ce8a917beec6Db0f632F2710916fcaA621874A: minDelay = 0 seconds (decoded from constructor args in deployment tx 0x85bd5824...). Zero enforced delay — the 3-of-5 Safe can propose and execute role changes or admin actions in the same block. The 3-of-5 Safe adds coordination cost but no time delay. Labeled 'Deployer Timelock V0.0' suggesting provisional/bootstrapping use, but it is now the live RolesAuthority owner. The separate ether.fi Timelock 0x9f26d4C9 has 3600s (1h) but is not confirmed linked to this vault cluster.

Sources #

Etherscan
ether.fi Timelock — 3600s delay (separate contract, link unconfirmed)ether.fi Timelock 0x9f26d4C9: minDelay=3600s (not confirmed linked to this vault)retrieved 2026-05-17
Tx
TimelockController deployment — minDelay=0 decodedtx 0x85bd5824d3a488785ffd5d8ee1ef21da9b21ebd9350fbb9021dab4bfa485b7b9 — TimelockController constructor args: minDelay=0, proposer=0xD6E47E0F (3-of-5 Safe)retrieved 2026-05-17

Methodology #

Read the timelock delay (in hours) between a queued upgrade proposal and its executable state.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-032 score red collected_at 2026-05-17 12:41:22