Hot-patch deploys without timelock (last 30 days)

Beefy Finance's assessment for RD-F-138 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The 6-hour vault-level delay is the only timelock in place. panic() and inCaseTokensGetStuck() execute without timelock by design. Dev multisig last transacted 2026-04-20 (35 days before assessment). Nature of that transaction not determined. No specific timelock-bypass event in last 30 days identified, but the structural absence of a protocol-level timelock means hot-patch-style deploys are architecturally possible without any delay.

Sources #

Etherscan
Beefy Dev Multisig — Etherscan last transaction0x34fef5da92c59d6ac21d0a75ce90b351d0fb6ce6 last tx 2026-04-20 — Exec Transactionretrieved 2026-05-16
GitHub
BeefyVaultV7.sol — no timelock on rescue functionspanic() and inCaseTokensGetStuck() have no timelock by design in source coderetrieved 2026-05-16

Methodology #

Count upgrades executed in the last 30 days without going through the declared timelock path.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol beefy factor RD-F-138 score yellow collected_at 2026-05-16 13:10:30