defirisk.co
rubric v1.7.0

Admin/upgrade transaction in mempool

Balancer (v2 + v3)'s assessment for RD-F-102 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Admin/upgrade tx in mempool [T-09 v1] | Applicable: Yes — highly applicable and structurally critical | No pending admin/upgrade transactions from Ethereum DAO Multisig (0x10A19e7eE7d7F8a52822f6817de8ea18204F2e4f) or OpCo Safes detected in assessment window. Critical structural finding: v2 Vault current Authorizer is AuthorizerWithAdaptorValidation (0x6048A8c631Fb7e77EcA533Cf9C29784e482391e7) which does NOT enforce a timelock delay. TimelockAuthorizer (0x9E3cD0606Db55ac68845bB60121847823712ae05) is DEPRECATED per deployments registry. Any admin action approved by 6-of-11 multisig can execute with zero delay. Mempool signal fires simultaneously with execution — near-zero lead time for user protective action. This structural gap makes the signal critically important to deploy and simultaneously limits its protective value. Yellow reflects structural weakness even when signal is not currently firing. | Threshold: Pending tx to admin contracts with upgrade/pause/grantRole selector from adm

Sources #

  • GitHub
    https://github.com/balancer/balancer-deployments/blob/master/addresses/mainnet.jsonretrieved 2026-05-05
  • Etherscan
    https://etherscan.io/address/0x6048A8c631Fb7e77EcA533Cf9C29784e482391e7retrieved 2026-05-05

Methodology #

Detect an admin-role or upgrade transaction appearing in the mempool before confirmation.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol balancer factor RD-F-102 score yellow collected_at 2026-05-05 12:41:36