★ Admin = deployer EOA after 7 days
A governance & admin factor in the v1.7.0 rubric. Measured per protocol on a s cadence.
Methodology: how we score
**What this measures** This factor checks whether, at the time of assessment (or at deploy+7 days for newly launched protocols), the admin address is still equal to the original deployer EOA with no evidence of transfer to a multisig or governance contract. On-chain reads of the owner(), admin(), or equivalent role slot are compared against the deployer address recorded at contract creation. A seven-day window is used because legitimate teams typically migrate admin authority to a governance structure within the first week of launch; persistence beyond that window is a strong signal of retained unilateral control.
**Why it matters** When a protocol's admin is the same wallet that deployed it, one entity holds both the privileged knowledge of how the protocol was constructed and the unilateral ability to modify or drain it. This combination is strongly correlated with rug pulls in the evidence base. Infini ($49.5M, 2025) demonstrated that a developer who retained admin credentials for 114 days after the handover period could execute a full drain with no external coordination. Merlin DEX ($1.82M, 2023) and Hope Finance ($1.86M, 2023) show the same pattern at smaller scale. The dashboard's synthesis data identifies "retained developer admin role" as one of the clearest predictors of insider-originated loss, particularly when combined with an anonymous team and no public access-control audit.
**Green / Yellow / Red** Green is assigned when admin authority has been verifiably transferred to a multisig or governance contract within seven days of deploy, with on-chain proof of the transfer transaction. Yellow covers cases where the transfer is pending or partially executed (e.g., one of two required steps completed), or where the deployer retains a non-critical role such as a fee-parameter setter. Red is assigned when the admin address is still the deployer EOA at day seven or later, with no on-chain evidence of a transfer in progress.
**Common gray cases** This factor is grayed when the deployer address cannot be identified from on-chain data (e.g., factory-deployed contracts where the factory's own admin holds the role), or when the protocol's governance architecture legitimately uses a deployer-controlled multisig that is separately assessed under RD-F-027 and RD-F-028.
**Notable historical examples**
- **Infini** ($49.5M, 2025): Developer retained admin credentials 114 days post-deployment; executed drain without any external coordination.
- **Hope Finance** ($1.86M, 2023): All three multisig owners coordinated a drain; admin had never been separated from the founding team.
- **Merlin DEX** ($1.82M, 2023): Privileged feeTo EOA at deployment gave the developer direct drain capability, confirmed by auditor but not remediated.
- **BrincFi** ($1.1M, 2021): Head of development retained full upgrade authority post-launch; lawsuit filed after drain.
- **Kannagi Finance** ($1.1M, 2023): Anonymous team retained MainChef privileged withdrawal function on zkSync.
**★ Critical factor** This factor alone is sufficient to trigger a D or F grade under rubric v1.7.0 — a single red assessment here overrides all other category scores. When the deployer EOA remains admin beyond the seven-day migration window, the protocol's security model is entirely dependent on the continued trustworthiness and operational security of a single individual.
Measurement: what to look for
Determine whether, at t = deploy+7d, the admin address still equals the deployer EOA with no evidence of transfer to a multisig.
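The comparison described above and the Green/Yellow/Red/gray rules from the methodology section, written out as a scorer. This is an added illustration, not the dashboard's own code; the on-chain reads are stubbed as constructed inputs (the `AdminObservation` fields, placeholder addresses and tx hash), and the `PENDING` outcome for assessments made before deploy+7d, plus treating a late or EOA-to-EOA transfer as Yellow, are assumptions not stated on the page.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

MIGRATION_WINDOW = timedelta(days=7)  # the deploy+7d window from the methodology


@dataclass
class AdminObservation:
    """On-chain facts an assessor gathers (constructed values below).
    In practice: deployer from the creation tx, admin from owner()/admin() or the
    role slot, admin_is_contract from eth_getCode(admin) returning bytecode."""
    deployer: Optional[str]            # None when the deployer is not identifiable
    admin: str
    deployed_at: datetime
    assessed_at: datetime
    admin_is_contract: bool = False    # multisig / governance contract, not an EOA
    transfer_tx: Optional[str] = None  # hash of the transfer tx, if one was found
    transferred_at: Optional[datetime] = None
    transfer_pending: bool = False     # e.g. two-step transfer with only step one done
    deployer_residual_roles: Tuple[str, ...] = ()  # non-critical roles still held


def same_address(a: str, b: str) -> bool:
    return a.lower() == b.lower()  # ignore EIP-55 checksum casing


def score_admin_factor(o: AdminObservation) -> str:
    if o.deployer is None:
        return "GRAY"  # e.g. factory-deployed contract, deployer unknown
    window_end = o.deployed_at + MIGRATION_WINDOW
    if same_address(o.admin, o.deployer):
        if o.assessed_at < window_end:
            return "PENDING"  # assumption: not scored before deploy+7d
        return "YELLOW" if o.transfer_pending else "RED"
    timely = (o.admin_is_contract and o.transfer_tx is not None
              and o.transferred_at is not None and o.transferred_at <= window_end)
    if timely:
        return "YELLOW" if o.deployer_residual_roles else "GREEN"
    return "YELLOW"  # assumption: late, unproven, or EOA-to-EOA transfer


# Constructed sample inputs; addresses and the tx hash are placeholders.
T0, D = datetime(2025, 1, 1, tzinfo=timezone.utc), timedelta(days=1)
DEV, SAFE, TX = "0x" + "a1" * 20, "0x" + "b2" * 20, "0x" + "c3" * 32
SAMPLES: Dict[str, AdminObservation] = {
    "migrated": AdminObservation(DEV, SAFE, T0, T0 + 9 * D, True, TX, T0 + 2 * D),
    "fee_setter_kept": AdminObservation(DEV, SAFE, T0, T0 + 9 * D, True, TX, T0 + 2 * D,
                                        deployer_residual_roles=("setFee",)),
    "two_step_half_done": AdminObservation(DEV, DEV, T0, T0 + 8 * D, transfer_pending=True),
    "still_deployer": AdminObservation(DEV, DEV.upper(), T0, T0 + 30 * D),
    "too_early": AdminObservation(DEV, DEV, T0, T0 + 3 * D),
    "factory": AdminObservation(None, SAFE, T0, T0 + 30 * D),
}


def score_samples() -> Dict[str, str]:
    return {name: score_admin_factor(o) for name, o in SAMPLES.items()}
```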