★ Sudden admin-rescue/ACL change without discussion

Wormhole's assessment for RD-F-123 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Sudden admin-rescue / ACL change absent issue/PR discussion | Wormhole's upgrade path requires 13/19 guardian supermajority via governance VAA — structurally resistant to single-actor admin override. No confirmed instance of an admin-rescue or ACL change executed without preceding discussion in the 180-day window was found. The "one key Wormchain" bug (Jan 2024) was a code vulnerability disclosed responsibly and patched within 48 hours — it was not an admin ACL change. No governance VAA chang...

Sources #

Governance
https://forum.wormhole.com/retrieved 2026-04-28
GitHub
https://github.com/wormhole-foundation/wormhole/blob/main/ethereum/contracts/Governance.solretrieved 2026-04-28

Methodology #

Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol wormhole factor RD-F-123 score gray collected_at 2026-04-28 01:38:43