rubric v1.7.0

Hot-patch deploys without timelock (last 30 days)

A post-deploy hygiene & change management factor in the v1.7.0 rubric. Measured per protocol on a regular cadence.

Methodology: how we score

**What this measures** This factor counts the number of upgrades executed in the trailing 30 days that bypassed the protocol's declared timelock path — meaning the upgrade was executed directly from an admin address without going through the queuing and delay mechanism. These are identified by comparing on-chain upgrade transaction timestamps against any prior queuing transactions in the timelock contract; upgrades with no corresponding queue event are classified as hot-patch deploys.

**Why it matters** Hot-patch deploys that bypass the timelock eliminate the user protection window that timelocks are designed to provide. Even legitimate emergency patches represent a choice to prioritize speed over the security of the timelock guarantee — and that choice, when made unilaterally, reduces the protocol's governance security posture to the level of a non-timelocked system for that specific change. The pattern of emergency-bypass deploys accumulating over time (four in the evidence base) indicates that the timelock is not structurally enforced but is instead a discretionary governance tool, which undermines its credibility as a security signal.

**Green / Yellow / Red** Green is assigned when zero hot-patch deploys occurred in the trailing 30 days, or when any bypass was explicitly authorized by governance vote and publicly documented. Yellow covers one hot-patch deploy in 30 days with a documented emergency justification. Red is assigned when two or more hot-patch deploys occurred in the trailing 30 days without corresponding governance authorization, or when any hot-patch modified a contract in scope for a current audit.

**Common gray cases** This factor is grayed when the protocol has no timelock (making "bypass" undefined), or when all upgrades in the window preceded the protocol's adoption of a timelock.

**Notable historical examples** No hack incidents are currently cross-linked in the database for this factor.

Measurement: what to look for

Count upgrades executed in the last 30 days without going through the declared timelock path.

Data & output

**Data source** `Upgraded` event timestamps vs `TimelockController` `CallExecuted` event timestamps (must match within the same tx or tx-set)

**Output format** Green / Yellow / Red

**Evidence artifact** List of upgrade tx hashes + timelock bypass flag per upgrade

**Confidence signal** green = 0 hot-patches; yellow = 1 hot-patch with documented emergency rationale; red = ≥2 hot-patches or any hot-patch without public explanation; gray = no upgrades in last 30 days
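An added worked example, not code from defirisk.co, that implements the matching rule from the Methodology section (an `Upgraded` event with no `CallExecuted` in the same tx or tx-set is a hot-patch) and the Green / Yellow / Red / gray thresholds from the Data & output block above. The decoded event dataclasses, the five-minute tx-set tolerance, the boolean governance inputs and the sample events are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
WINDOW = timedelta(days=30)
TX_SET_TOLERANCE = timedelta(minutes=5)  # assumed width of a "tx-set"

@dataclass(frozen=True)
class UpgradeEvent:            # decoded ERC-1967 `Upgraded` from the proxy (assumed shape)
    tx_hash: str
    timestamp: datetime

@dataclass(frozen=True)
class CallExecutedEvent:       # decoded `CallExecuted` from the TimelockController
    tx_hash: str
    timestamp: datetime

def flag_hot_patches(upgrades, executions, tx_set_tolerance=timedelta(0)):
    """Evidence artifact: (tx_hash, bypass_flag) per upgrade. An upgrade is covered
    if a CallExecuted landed in the same tx or (assumed tx-set rule) within tolerance."""
    executed_txs = {e.tx_hash for e in executions}
    flags = []
    for u in upgrades:
        same_tx = u.tx_hash in executed_txs
        near = tx_set_tolerance > timedelta(0) and any(
            abs(e.timestamp - u.timestamp) <= tx_set_tolerance for e in executions)
        flags.append((u.tx_hash, not (same_tx or near)))
    return flags

def score_factor(upgrades, executions, now, has_timelock=True,
                 documented_emergency=False, governance_authorized=False,
                 audit_scope_modified=False):
    """Map the trailing-30-day hot-patch count to the rubric colour."""
    if not has_timelock:
        return "gray"    # "bypass" is undefined without a timelock
    recent = [u for u in upgrades if now - WINDOW <= u.timestamp <= now]
    if not recent:
        return "gray"    # confidence signal: no upgrades in the window
    hot = [tx for tx, bypass in flag_hot_patches(recent, executions) if bypass]
    if not hot or governance_authorized:
        return "green"   # zero bypasses, or bypass voted on and documented
    if audit_scope_modified or len(hot) >= 2:
        return "red"
    return "yellow" if documented_emergency else "red"  # exactly one bypass

# Constructed sample, not real chain data: 0xaaa went through the timelock,
# 0xbbb did not, 0xccc is outside the 30-day window.
NOW = datetime(2025, 1, 31, tzinfo=timezone.utc)
SAMPLE_UPGRADES = [UpgradeEvent("0xaaa", datetime(2025, 1, 10, tzinfo=timezone.utc)),
                   UpgradeEvent("0xbbb", datetime(2025, 1, 20, tzinfo=timezone.utc)),
                   UpgradeEvent("0xccc", datetime(2024, 11, 1, tzinfo=timezone.utc))]
SAMPLE_EXECUTIONS = [CallExecutedEvent("0xaaa", datetime(2025, 1, 10, tzinfo=timezone.utc))]
```

On the sample, `flag_hot_patches` marks only 0xbbb and 0xccc as bypasses, and `score_factor` returns red unless the single in-window bypass carries a documented emergency rationale (yellow) or governance authorization (green).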

Scored protocols (80 carry this factor)

| Protocol | Chain | RD-F-138 |
|---|---|---|
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | gray |
| Aerodrome Finance | base | green |
| Axelar Network | ethereum | yellow |
| Babylon Protocol | bitcoin | green |
| Balancer (v2 + v3) | ethereum | yellow |
| Beefy Finance | ethereum | yellow |
| BENQI | avalanche | gray |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | green |
| Cap (cUSD / stcUSD) | ethereum | green |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | yellow |
| Circle USYC | binance | green |
| Compound V3 (Comet) | ethereum | green |
| Concrete | ethereum | red |
| Convex Finance | ethereum | green |
| crvUSD (Curve Stablecoin) | ethereum | green |
| Curve Finance | ethereum | green |
| deBridge | ethereum | green |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | green |
| EigenLayer | ethereum | gray |
| Ethena | ethereum | not_assessed |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | green |
| Falcon Finance | ethereum | green |
| Fluid | ethereum | yellow |
| Frax Finance | ethereum | yellow |
| GMX v2 (GMX Synthetics) | arbitrum | gray |
| Hyperlane | ethereum | gray |
| Hyperliquid | arbitrum | yellow |
| Jito | solana | green |
| Jupiter | solana | yellow |
| Jupiter Perpetual Exchange | solana | yellow |
| JustLend DAO | tron | gray |
| Kamino Lend | solana | yellow |
| Kinetiq | hyperliquid | red |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | green |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | green |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | green |
| M^0 | ethereum | green |
| Maple Finance | ethereum | green |
| Marinade Finance | solana | green |
| Meteora | solana | yellow |
| mETH Protocol | ethereum | green |
| Midas | ethereum | green |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | green |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | green |
| Orca | solana | green |
| PancakeSwap | bsc | green |
| Pendle Finance | ethereum | not_assessed |
| Polymarket | polygon | yellow |
| QuickSwap | polygon | green |
| Raydium | solana | green |
| Rocket Pool | ethereum | green |
| Sanctum | solana | green |
| Save (formerly Solend) | solana | red |
| Sky Lending (formerly MakerDAO) | ethereum | green |
| Spark Protocol | ethereum | green |
| Spiko | stellar | green |
| Stake DAO | ethereum | yellow |
| StakeWise v3 | ethereum | red |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | red |
| SUNSwap (sun.io) | tron | green |
| Superstate | ethereum | yellow |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | gray |
| Symbiotic | ethereum | green |
| Synapse Protocol | ethereum | yellow |
| Uniswap (v2 + v3) | ethereum | green |
| USDD (Decentralized USD) | tron | yellow |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | green |
| Veda (BoringVault) | ethereum | red |
| Venus Protocol | bsc | green |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | green |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version: v1.7.0 | factor: RD-F-138 | category: 9 | carried: 80 | critical: no