defirisk.co
rubric v1.7.0

Role separation: upgrade ≠ fee ≠ oracle

Aerodrome Finance's assessment for RD-F-035 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No oracle role (DEX, not lending). Fee management (PoolFactory feeManager) and governance (team multisig) are distinct logical roles. However all roads lead back to team multisig as root authority. No upgrade path on core contracts (immutable). Role separation is partial.

Sources #

  • Docs
    PERMISSIONS.mdPERMISSIONS.md — role breakdown showing team multisig as ultimate rootretrieved 2026-05-04

Methodology #

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aerodrome factor RD-F-035 score yellow collected_at 2026-05-04 19:56:03