defirisk.co
rubric v1.7.0

Admin key custody type

A governance & admin factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor records the categorical type of custody arrangement holding the protocol's most privileged admin role: one of EOA, multisig, multisig-plus-timelock, full DAO-plus-timelock, or immutable (no admin). The value is determined by an on-chain read of the owner, admin, or ProxyAdmin slot on every major deployed contract. The result is a single categorical label that anchors the full governance & admin section — it is the baseline posture description from which more specific factors (RD-F-027 through RD-F-047) derive their context.

**Why it matters** Admin key custody type is the foundational governance signal — before assessing threshold sizes, timelock durations, or role separation, a depositor needs to know what class of mechanism holds ultimate control. The evidence base shows that every off-chain key compromise incident in the dataset was possible only because the exploited admin role was held by a custody type that could be compromised with a single key or a small coordinated set of keys. Immutable protocols cannot be upgraded by anyone and occupy a different risk category entirely; DAO-plus-timelock protocols have the highest structural resistance to unilateral action; EOA protocols have the lowest. This factor drives the display value on the protocol card and informs which sub-factors are applicable.

**Green / Yellow / Red** Green is assigned when the highest-privilege admin role is held by a multisig-plus-timelock or full DAO-plus-timelock, with the timelock meeting the minimum duration threshold assessed under RD-F-032. Yellow covers a multisig without timelock or a DAO without timelock. Red is assigned when the admin role is held by a single EOA (which also triggers RD-F-027), or when no admin role can be identified from on-chain data (opacity, not immutability).

**Common gray cases** This factor is grayed only when proxy architecture obscures the admin slot entirely and no published documentation identifies the governance type — an uncommon state for any protocol with material TVL.

**Notable historical examples** No cross-hacked incidents are currently linked in the database for this factor.

Measurement: what to look for

Read the effective admin/owner/upgrader role on deployed contracts and classify as: EOA / multisig / multisig+timelock / full DAO+timelock / immutable.

Data & output

**Data source** `owner()`, `admin()`, `getRoleMember()` calls via RPC + Etherscan contract read tab

**Output format** Green / Yellow / Red

**Evidence artifact** Contract address + role slot value + address type classification + checked_at

**Confidence signal** green = multisig+timelock or DAO+timelock; yellow = multisig without timelock; red = EOA; gray = admin role not readable (unverified or non-standard)
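
An added example (not defirisk.co's own code) of the classification and evidence record described above, run over a constructed snapshot instead of live RPC reads. The `Account` record, the sample addresses, and the rules that a zero address means immutable and that an EOA behind a timelock is still labelled EOA are assumptions; the timelock-duration check under RD-F-032 is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

ZERO = "0x" + "00" * 20

@dataclass
class Account:
    """Constructed stand-in for what RPC reads returned about one address."""
    has_code: bool                    # False means eth_getCode returned 0x
    kind: str = "unknown"             # multisig | timelock | governor | proxy_admin
    controller: Optional[str] = None  # ProxyAdmin owner or timelock proposer

# Colours from the page; it assigns none to immutable, so that stays None.
SCORE = {"multisig+timelock": "green", "DAO+timelock": "green",
         "multisig": "yellow", "DAO": "yellow",
         "EOA": "red", "unreadable": "gray", "immutable": None}

def classify(admin: Optional[str], state: dict, max_hops: int = 8) -> str:
    """Follow the admin value through wrappers to whoever finally controls it."""
    timelocked, addr = False, admin
    for _ in range(max_hops):          # bounded, so ownership cycles terminate
        if addr == ZERO:
            return "immutable"         # renounced: nobody can act as admin
        acct = state.get(addr) if addr else None
        if acct is None:
            return "unreadable"
        if not acct.has_code:
            # Assumption: an EOA behind a timelock is still labelled EOA,
            # because the page's five labels have no EOA+timelock class.
            return "EOA"
        if acct.kind == "multisig":
            return "multisig+timelock" if timelocked else "multisig"
        if acct.kind == "governor":
            return "DAO+timelock" if timelocked else "DAO"
        if acct.kind == "timelock":
            timelocked = True
        elif acct.kind != "proxy_admin":
            return "unreadable"        # contract of a type we cannot identify
        addr = acct.controller
    return "unreadable"

def evidence(contract: str, admin: Optional[str], state: dict, checked_at: str) -> dict:
    """Build the evidence artifact fields listed on the page."""
    label = classify(admin, state)
    return {"contract": contract, "role_slot_value": admin,
            "address_type": label, "score": SCORE[label], "checked_at": checked_at}

# Constructed sample: ProxyAdmin -> timelock -> multisig, plus a bare EOA.
SAFE, TL, PA, EOA = ("0x" + c * 40 for c in "abcd")
STATE = {SAFE: Account(True, "multisig"), TL: Account(True, "timelock", SAFE),
         PA: Account(True, "proxy_admin", TL), EOA: Account(False)}
```

Classifying only the first address returned by `owner()` would label the ProxyAdmin case as an unidentified contract; following the chain to its end is what separates a multisig behind a timelock from a bare multisig.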

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-025 |
| --- | --- | --- |
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | gray |
| Aerodrome Finance | base | yellow |
| Axelar Network | ethereum | yellow |
| Babylon Protocol | bitcoin | green |
| Balancer (v2 + v3) | ethereum | yellow |
| Beefy Finance | ethereum | green |
| BENQI | avalanche | yellow |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | yellow |
| Cap (cUSD / stcUSD) | ethereum | green |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | green |
| Circle USYC | binance | red |
| Compound V3 (Comet) | ethereum | green |
| Concrete | ethereum | yellow |
| Convex Finance | ethereum | green |
| crvUSD (Curve Stablecoin) | ethereum | red |
| Curve Finance | ethereum | green |
| deBridge | ethereum | yellow |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | green |
| EigenLayer | ethereum | green |
| Ethena | ethereum | yellow |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | green |
| Falcon Finance | ethereum | yellow |
| Fluid | ethereum | yellow |
| Frax Finance | ethereum | green |
| GMX v2 (GMX Synthetics) | arbitrum | green |
| Hyperlane | ethereum | yellow |
| Hyperliquid | arbitrum | yellow |
| Jito | solana | green |
| Jupiter | solana | yellow |
| Jupiter Perpetual Exchange | solana | green |
| JustLend DAO | tron | green |
| Kamino Lend | solana | yellow |
| Kinetiq | hyperliquid | yellow |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | yellow |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | green |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | yellow |
| M^0 | ethereum | yellow |
| Maple Finance | ethereum | green |
| Marinade Finance | solana | yellow |
| Meteora | solana | yellow |
| mETH Protocol | ethereum | green |
| Midas | ethereum | yellow |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | red |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | yellow |
| Orca | solana | green |
| PancakeSwap | bsc | yellow |
| Pendle Finance | ethereum | yellow |
| Polymarket | polygon | yellow |
| QuickSwap | polygon | yellow |
| Raydium | solana | green |
| Rocket Pool | ethereum | green |
| Sanctum | solana | yellow |
| Save (formerly Solend) | solana | red |
| Sky Lending (formerly MakerDAO) | ethereum | green |
| Spark Protocol | ethereum | green |
| Spiko | stellar | yellow |
| Stake DAO | ethereum | green |
| StakeWise v3 | ethereum | yellow |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | yellow |
| SUNSwap (sun.io) | tron | yellow |
| Superstate | ethereum | red |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | yellow |
| Symbiotic | ethereum | yellow |
| Synapse Protocol | ethereum | yellow |
| Uniswap (v2 + v3) | ethereum | green |
| USDD (Decentralized USD) | tron | yellow |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | yellow |
| Veda (BoringVault) | ethereum | yellow |
| Venus Protocol | bsc | green |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | green |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.

rubric_version: v1.7.0 | factor: RD-F-025 | category: 2 | carried: 80 | critical: no