★ Sudden admin-rescue/ACL change without discussion
Aerodrome Finance's assessment for RD-F-123 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Emergency Council multisig 0x99249b10593fCa1Ae9DAE6D4819F1A6dae5C013D created 2025-10-08, 26 months post-launch. New privileged role: kill/revive gauges, activate/deactivate managed NFTs, set pool name/symbol. No GitHub issue, PR, Snapshot proposal, governance forum post, or public announcement found preceding this creation within ±14 days. Mitigating factors: (1) Emergency Council is documented in PERMISSIONS.md and SPECIFICATION.md as planned architectural feature; (2) Aerodrome has no public governance forum (structural absence); (3) no timelock removal or threshold reduction accompanied the event (Drift-class precursor pattern absent); (4) role is scoped to gauge/NFT lifecycle, not full admin-rescue or token mint. YELLOW not RED: pre-described planned role, not sudden unannounced security-council downgrade.
Sources #
- GitHubaerodrome-finance/contracts PERMISSIONS.md — GitHubPERMISSIONS.md — Emergency Council role documented as planned featureretrieved 2026-05-04
- aerodrome-finance/contracts commits — GitHub APIGitHub commit log — no Emergency Council creation commit foundretrieved 2026-05-04
- aerodrome-finance/contracts Issues — GitHubGitHub issues — no ACL/Emergency Council discussion found (4 open issues, none related)retrieved 2026-05-04
- Emergency Council 0x99249b10 — BaseScanBaseScan Emergency Council contract — created 2025-10-08retrieved 2026-05-04
Methodology #
Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.
See the full factor methodology and distribution across all protocols →