defirisk.co
rubric v1.7.0

Timelock on sensitive actions

A governance & admin factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor is a boolean checklist recording whether each sensitive action category — mint, pause, rescue, oracle change, and contract upgrade — is subject to a timelock delay before execution. The result is a per-action boolean map (timelocked: yes/no) rather than a single aggregate score. A protocol that timelocks upgrades but not rescue functions scores partially; the non-timelocked rescue path still represents an immediate drain vector.

**Why it matters** Admin action categories have asymmetric risk profiles. A rescue function that bypasses the timelock covering upgrades negates the security value of that timelock entirely — an attacker who gains admin key access can call rescue() immediately while the upgrade mechanism remains protected by a 48-hour delay. The pattern of selective timelock application is common in DeFi protocols that added a governance timelock in response to market pressure but did not apply it consistently across all privileged action categories. The evidence base shows that mint and rescue are the two most frequently bypassed categories.

**Green / Yellow / Red** Green is assigned when all five action categories (mint, pause, rescue, oracle change, upgrade) are timelocked with a delay meeting the RD-F-032 threshold. Yellow covers configurations where three or four categories are timelocked and the untimelocked categories are low-severity (pause only). Red is assigned when mint, rescue, or upgrade is executable without any timelock by an admin-level role.

**Common gray cases** This factor is grayed when the protocol does not have all five action types (e.g., no mint function on a DEX), in which case only applicable categories are scored and missing categories are noted.

**Notable historical examples** No cross-hacked incidents are currently linked in the database for this factor.

Measurement: what to look for

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

Data & output

Data source
Source inspection + on-chain `AccessControl` / `TimelockController` role mapping via RPC
Output format
Green / Yellow / Red
Evidence artifact
JSON map of action-type → timelocked (bool) + timelock address
Confidence signal
green = all five action types timelocked; yellow = 3–4 timelocked; red = ≤2 timelocked or rescue/upgrade not timelocked; gray = action types not separable from source
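The check described above, carried through end to end as an added example (this is not defirisk.co's own tooling): given a per-action role map and the set of addresses holding each `AccessControl` role, it decides whether each of the five action categories is gated by a `TimelockController`, emits the JSON evidence artifact, and applies the Green / Yellow / Red / gray thresholds from the Methodology and Confidence-signal text. The role assignments and addresses are constructed placeholders; a real run would populate them from `hasRole()` calls or `RoleGranted` / `RoleRevoked` events over RPC. The treatment of a role with no holders (reported as not timelocked) and the decision to list a timelock even when it is bypassed are this example's choices, not the rubric's.

```python
"""Added example: per-action timelock classification for a rubric factor like RD-F-033.
Not defirisk.co code. Sample role assignments below are CONSTRUCTED placeholders."""
import json

ACTIONS = ("mint", "pause", "rescue", "oracle_change", "upgrade")
# Per the Methodology section, an immediate path to any of these is Red regardless of count.
HIGH_SEVERITY = ("mint", "rescue", "upgrade")

# --- constructed sample: upgrades sit behind a timelock, rescue() does not --------------
TIMELOCK = "0xTIMELOCK_placeholder"        # assumed TimelockController address
ADMIN_MULTISIG = "0xADMIN_placeholder"     # assumed admin multisig
GUARDIAN = "0xGUARDIAN_placeholder"        # assumed pause guardian

SAMPLE_ACTION_ROLES = {                    # action -> role id that gates it (None = not separable)
    "mint": "MINTER_ROLE",
    "pause": "PAUSER_ROLE",
    "rescue": "RESCUER_ROLE",
    "oracle_change": "DEFAULT_ADMIN_ROLE",
    "upgrade": "DEFAULT_ADMIN_ROLE",
}
SAMPLE_ROLE_HOLDERS = {                    # role id -> addresses holding it (from hasRole/RoleGranted)
    "MINTER_ROLE": {TIMELOCK},
    "PAUSER_ROLE": {GUARDIAN},
    "RESCUER_ROLE": {ADMIN_MULTISIG, TIMELOCK},   # timelock present, but a direct path exists too
    "DEFAULT_ADMIN_ROLE": {TIMELOCK},
}
SAMPLE_TIMELOCKS = {TIMELOCK}


def classify_actions(action_roles, role_holders, timelocks):
    """Return action -> {"timelocked": bool|None, "timelock": address|None}.

    An action counts as timelocked only when EVERY holder of its gating role is a
    timelock contract: one EOA or multisig holding the role is an immediate
    execution path that bypasses the delay. A role nobody holds is reported as
    not timelocked (no delayed path exists either). None marks 'not separable'.
    """
    result = {}
    for action in ACTIONS:
        role = action_roles.get(action)
        if role is None:
            result[action] = {"timelocked": None, "timelock": None}
            continue
        holders = set(role_holders.get(role, set()))
        tl_holders = holders & set(timelocks)
        timelocked = bool(holders) and holders <= set(timelocks)
        # The timelock is listed even when bypassed so the artifact shows which delay is sidestepped.
        result[action] = {
            "timelocked": timelocked,
            "timelock": sorted(tl_holders)[0] if tl_holders else None,
        }
    return result


def grade(action_map):
    """Apply the rubric thresholds: gray if any action is not separable, green if all
    five are timelocked, red if <=2 are or any high-severity action is not, else yellow."""
    states = [v["timelocked"] for v in action_map.values()]
    if any(s is None for s in states):
        return "gray"
    timelocked_count = sum(1 for s in states if s)
    if timelocked_count == len(ACTIONS):
        return "green"
    if timelocked_count <= 2 or not all(action_map[a]["timelocked"] for a in HIGH_SEVERITY):
        return "red"
    return "yellow"


def evidence_artifact(action_map):
    """JSON map of action-type -> timelocked (bool) + timelock address."""
    return json.dumps(action_map, sort_keys=True, indent=2)


def score(action_roles, role_holders, timelocks):
    """Convenience wrapper returning (action_map, colour) for one protocol."""
    action_map = classify_actions(action_roles, role_holders, timelocks)
    return action_map, grade(action_map)


if __name__ == "__main__":
    action_map, colour = score(SAMPLE_ACTION_ROLES, SAMPLE_ROLE_HOLDERS, SAMPLE_TIMELOCKS)
    print(evidence_artifact(action_map))
    print("RD-F-033:", colour)   # the constructed sample lands on red: rescue bypasses the timelock
```

The sample deliberately reproduces the pattern from the "Why it matters" paragraph: four of five roles resolve to the timelock, but `RESCUER_ROLE` is also held directly by the admin multisig, so `rescue` is reported as not timelocked and the protocol is Red despite a protected upgrade path.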

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-033 |
|---|---|---|
| Aave v3 | ethereum | yellow |
| Across Protocol | ethereum | gray |
| Aerodrome Finance | base | red |
| Axelar Network | ethereum | yellow |
| Babylon Protocol | bitcoin | yellow |
| Balancer (v2 + v3) | ethereum | red |
| Beefy Finance | ethereum | yellow |
| BENQI | avalanche | red |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | yellow |
| Centrifuge | ethereum | yellow |
| Chainlink CCIP | ethereum | yellow |
| Circle USYC | binance | red |
| Compound V3 (Comet) | ethereum | yellow |
| Concrete | ethereum | red |
| Convex Finance | ethereum | yellow |
| crvUSD (Curve Stablecoin) | ethereum | red |
| Curve Finance | ethereum | yellow |
| deBridge | ethereum | red |
| Dolomite | ethereum | yellow |
| dYdX v4 (dYdX Chain) | dydx | yellow |
| EigenLayer | ethereum | yellow |
| Ethena | ethereum | red |
| ether.fi | ethereum | yellow |
| Euler V2 | ethereum | yellow |
| Falcon Finance | ethereum | red |
| Fluid | ethereum | red |
| Frax Finance | ethereum | yellow |
| GMX v2 (GMX Synthetics) | arbitrum | yellow |
| Hyperlane | ethereum | yellow |
| Hyperliquid | arbitrum | red |
| Jito | solana | yellow |
| Jupiter | solana | red |
| Jupiter Perpetual Exchange | solana | yellow |
| JustLend DAO | tron | yellow |
| Kamino Lend | solana | red |
| Kinetiq | hyperliquid | red |
| Lido | ethereum | yellow |
| Liquid Collective (LsETH) | ethereum | red |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | not_applicable |
| Lista DAO | bsc | yellow |
| Lombard Finance | ethereum | yellow |
| M^0 | ethereum | yellow |
| Maple Finance | ethereum | yellow |
| Marinade Finance | solana | red |
| Meteora | solana | red |
| mETH Protocol | ethereum | yellow |
| Midas | ethereum | red |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | yellow |
| Multipli | ethereum | red |
| Ondo Finance | ethereum | not_applicable |
| OpenEden | ethereum | red |
| Orca | solana | yellow |
| PancakeSwap | bsc | yellow |
| Pendle Finance | ethereum | red |
| Polymarket | polygon | red |
| QuickSwap | polygon | red |
| Raydium | solana | yellow |
| Rocket Pool | ethereum | yellow |
| Sanctum | solana | red |
| Save (formerly Solend) | solana | red |
| Sky Lending (formerly MakerDAO) | ethereum | yellow |
| Spark Protocol | ethereum | yellow |
| Spiko | stellar | red |
| Stake DAO | ethereum | yellow |
| StakeWise v3 | ethereum | red |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | red |
| SUNSwap (sun.io) | tron | red |
| Superstate | ethereum | red |
| Sushi (SushiSwap): v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | red |
| Symbiotic | ethereum | red |
| Synapse Protocol | ethereum | red |
| Uniswap (v2 + v3) | ethereum | green |
| USDD (Decentralized USD) | tron | red |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | red |
| Veda (BoringVault) | ethereum | red |
| Venus Protocol | bsc | yellow |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | yellow |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version: v1.7.0
factor: RD-F-033
category: 2
carried: 80
critical: no