defirisk.co
rubric v1.7.0

Role separation: upgrade ≠ fee ≠ oracle

Wormhole's assessment for RD-F-035 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Role separation: upgrade ≠ fee ≠ oracle | All three functions (upgrade, fee transfer, guardian-set change) are executed via the same governance VAA mechanism (13/19 guardian threshold). There is no role segregation — the same guardian set that can change implementations can also drain fees and rotate the guardian set. | Governance.sol function listing (submitContractUpgrade, submitTransferFees, submitNewGuardianSet all gated identically) | **yellow**

Sources #

  • Curator note
    Extracted from 02-governance-admin.md — RD-F-035; no URL citedretrieved 2026-04-28

Methodology #

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol wormhole factor RD-F-035 score gray collected_at 2026-04-28 01:38:43