defirisk.co
rubric v1.7.0

Emergency-veto multisig present

A governance & admin factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor checks whether a governance veto or emergency-pause multisig exists that is specifically empowered to stop malicious proposals before they execute — distinct from the standard pause mechanism. The veto multisig must have the power to cancel or delay a queued proposal in the timelock, not merely pause the protocol's operational functions.

**Why it matters** A veto mechanism adds a second defensive layer above the standard timelock: even if a malicious governance proposal accumulates enough votes to pass (flash loan attack, whale concentration, insider vote), a veto multisig composed of independent security-focused parties can cancel it before execution. Several post-2022 governance improvements in major protocols (Compound, Aave, Uniswap) have added security councils or guardian roles specifically for this purpose. The absence of a veto mechanism means the only defense against a passed malicious proposal is the timelock delay itself — which is only useful if someone monitoring the queue takes action.

**Green / Yellow / Red** Green is assigned when an emergency veto multisig exists with at least a 2-of-N threshold, independent from the primary governance multisig, and with documented authority to cancel queued proposals. Yellow covers cases where a veto mechanism exists but is held by the same multisig as the governance executor (not truly independent). Red is assigned when no veto mechanism exists — the timelock alone is the only buffer between a passed proposal and execution.

**Common gray cases** This factor is grayed when the governance system is immutable or operates via a single-step on-chain vote with no separate queueing mechanism, rendering a veto multisig architecturally irrelevant.

**Notable historical examples** No hack incidents are currently linked to this factor in the database.

Measurement: what to look for

Determine whether an emergency-veto or guardian multisig exists with power to cancel malicious proposals before execution.

Data & output

Data source
Governance contract `cancel()` function + role holding the cancel permission via `AccessControl` read
Output format
Green / Yellow / Red
Evidence artifact
Cancel-role address + multisig type check
Confidence signal
green = veto/cancel role held by separate multisig with ≥3-of-N threshold; yellow = cancel role exists but held by same multisig as proposer; red = no cancel/veto mechanism; gray = no on-chain governance
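The check described above, written out as an added example (not defirisk.co's own scoring code). It classifies a constructed snapshot of cancel-role holders rather than reading a chain; `Holder`, `score_veto` and the addresses are hypothetical names, and `min_threshold` is a parameter because the Green description says 2-of-N while the confidence signal says ≥3-of-N.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Holder:
    """One holder of the cancel permission (constructed record, not a chain read)."""
    address: str
    is_multisig: bool
    threshold: int = 0  # M of an M-of-N multisig; 0 for a single-key account

def score_veto(has_queue, governance_multisig, cancellers, min_threshold=2):
    """Return (rating, evidence) for the emergency-veto factor.

    has_queue            False when governance is immutable or single-step
    governance_multisig  address of the primary governance multisig
    cancellers           Holder records for every address with the cancel role
    min_threshold        assumption: 2 follows the Green text, pass 3 for the
                         stricter confidence-signal wording
    """
    if not has_queue:
        return "gray", "no separate queueing mechanism"
    if not cancellers:
        return "red", "no cancel/veto holder; timelock is the only buffer"
    primary = governance_multisig.lower()  # hex addresses compare case-insensitively
    for h in cancellers:
        independent = h.address.lower() != primary
        if h.is_multisig and independent and h.threshold >= min_threshold:
            return "green", f"independent {h.threshold}-of-N canceller {h.address}"
    if any(h.address.lower() == primary for h in cancellers):
        return "yellow", "cancel role held by the governance multisig itself"
    # A single-key or below-threshold independent holder is not covered by the
    # rubric text, so it is reported rather than forced into a colour.
    return "unscored", "cancel holder exists but matches no rubric case"

# Constructed addresses, for illustration only.
GOV = "0x" + "aa" * 20
COUNCIL = "0x" + "bb" * 20
SINGLE_KEY = "0x" + "cc" * 20

def demo():
    """Rating for each constructed scenario."""
    council = [Holder(COUNCIL, True, 2)]
    return {
        "independent_2_of_n": score_veto(True, GOV, council)[0],
        "independent_2_of_n_strict": score_veto(True, GOV, council, 3)[0],
        "same_multisig": score_veto(True, GOV, [Holder("0x" + "AA" * 20, True, 4)])[0],
        "single_key": score_veto(True, GOV, [Holder(SINGLE_KEY, False)])[0],
        "no_canceller": score_veto(True, GOV, [])[0],
        "no_queue": score_veto(False, GOV, council)[0],
    }
```
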

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-040 |
|---|---|---|
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | gray |
| Aerodrome Finance | base | green |
| Axelar Network | ethereum | yellow |
| Babylon Protocol | bitcoin | yellow |
| Balancer (v2 + v3) | ethereum | yellow |
| Beefy Finance | ethereum | yellow |
| BENQI | avalanche | gray |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | yellow |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | green |
| Circle USYC | binance | red |
| Compound V3 (Comet) | ethereum | yellow |
| Concrete | ethereum | red |
| Convex Finance | ethereum | yellow |
| crvUSD (Curve Stablecoin) | ethereum | yellow |
| Curve Finance | ethereum | yellow |
| deBridge | ethereum | yellow |
| Dolomite | ethereum | red |
| dYdX v4 (dYdX Chain) | dydx | yellow |
| EigenLayer | ethereum | green |
| Ethena | ethereum | yellow |
| ether.fi | ethereum | yellow |
| Euler V2 | ethereum | green |
| Falcon Finance | ethereum | red |
| Fluid | ethereum | yellow |
| Frax Finance | ethereum | yellow |
| GMX v2 (GMX Synthetics) | arbitrum | yellow |
| Hyperlane | ethereum | gray |
| Hyperliquid | arbitrum | yellow |
| Jito | solana | green |
| Jupiter | solana | red |
| Jupiter Perpetual Exchange | solana | yellow |
| JustLend DAO | tron | yellow |
| Kamino Lend | solana | red |
| Kinetiq | hyperliquid | not_applicable |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | red |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | green |
| Lista DAO | bsc | yellow |
| Lombard Finance | ethereum | yellow |
| M^0 | ethereum | yellow |
| Maple Finance | ethereum | green |
| Marinade Finance | solana | yellow |
| Meteora | solana | yellow |
| mETH Protocol | ethereum | yellow |
| Midas | ethereum | not_applicable |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | yellow |
| Multipli | ethereum | gray |
| Ondo Finance | ethereum | yellow |
| OpenEden | ethereum | red |
| Orca | solana | yellow |
| PancakeSwap | bsc | yellow |
| Pendle Finance | ethereum | yellow |
| Polymarket | polygon | not_applicable |
| QuickSwap | polygon | red |
| Raydium | solana | yellow |
| Rocket Pool | ethereum | yellow |
| Sanctum | solana | yellow |
| Save (formerly Solend) | solana | red |
| Sky Lending (formerly MakerDAO) | ethereum | green |
| Spark Protocol | ethereum | green |
| Spiko | stellar | not_applicable |
| Stake DAO | ethereum | yellow |
| StakeWise v3 | ethereum | yellow |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | red |
| SUNSwap (sun.io) | tron | yellow |
| Superstate | ethereum | red |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | red |
| Symbiotic | ethereum | not_applicable |
| Synapse Protocol | ethereum | red |
| Uniswap (v2 + v3) | ethereum | yellow |
| USDD (Decentralized USD) | tron | yellow |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | yellow |
| Veda (BoringVault) | ethereum | red |
| Venus Protocol | bsc | green |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | green |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version v1.7.0 factor RD-F-040 category 2 carried 80 critical no