Admin EOA signing from new geography/device
Yearn Finance's assessment for RD-F-107 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Factor: admin EOA signing from a new geography/device fingerprint. Structurally limited for Yearn: ychad is a 6-of-9 multisig (not an EOA), so admin signing occurs via Gnosis Safe multi-signature coordination. Geography/device fingerprinting of multisig co-signers is off-chain and not publicly accessible; it requires MPC/session-key provider telemetry. V2-deferred; P2 signal.
Sources
- Curator note: T-09 v2-deferred note for geography signal. T-09 §3.3: F98 'admin EOA signing from new geography' is v2-deferred; requires off-chain MPC/session-key providers exposing device fingerprints. Not available publicly. Retrieved 2026-05-16.
- Etherscan — ychad multisig (Yearn Treasury): ychad multisig 0xFEB4acf3df3cDEA7399794D0869ef76A6EfAff52 is a Gnosis Safe 1.3.0 contract — admin signing is multisig-coordinated, not single-EOA geography-trackable. Retrieved 2026-05-16.
Methodology
Detect whether an admin/upgrader EOA signs from a geography or device fingerprint inconsistent with prior signing history.
rubric_version v1.7.0 protocol yearn-finance factor RD-F-107 score gray collected_at 2026-05-16 08:34:32