Timelock on sensitive actions

Aave v3's assessment for RD-F-033 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Upgrade: timelocked (Executor Lvl1/2). GHO mint: timelocked via governance AIP. Rescue: no direct rescue; equivalent via AIP (timelocked). Oracle replacement: timelocked via AIP. Pause/freeze: NOT timelocked (EMERGENCY_ADMIN role on Granular Guardian allows immediate reserve freeze — intentional emergency design). 4 of 5 action types timelocked.

Sources #

URL
Aave Governance Docs - role structureAave V3 ACLManager role mappingretrieved 2026-04-27

Methodology #

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aave-v3 factor RD-F-033 score yellow collected_at 2026-04-27 23:28:46