Hot-patch deploys without timelock (last 30 days)

Across Protocol's assessment for RD-F-138 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Hot-patch deploys without timelock in last 30d | All SpokePool upgrades appear to go through the Council multisig (relaySpokePoolAdminFunction on HubPool), which is not a timelock. Whether the Feb 2, 2026 upgrade (within 30d range) was preceded by a governance vote or was a direct Council action is unclear. The 2024 diff audit specifically noted that some upgrades were direct Council actions (OZ diff audit covers "diff" changes presumably authorized by Council). No evidence of bypass of even ...

Sources #

Curator note
Extracted from 02-governance-admin.md — RD-F-138; no URL citedretrieved 2026-04-28

Methodology #

Count upgrades executed in the last 30 days without going through the declared timelock path.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol across-protocol factor RD-F-138 score gray collected_at 2026-04-30 21:19:18