defirisk.co
rubric v1.7.0

Admin = deployer EOA after 7 days

BlackRock USD Institutional Digital Liquidity Fund (BUIDL)'s assessment for RD-F-043 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[PD-042 rescore 2026-05-12, v1.7.0+] Single-administrator / no-multisig design is intentional architecture for a regulator-controlled tokenized issuer (the regulator is the counterparty-discipline mechanism). However, the residual operational risk of a single deployer-key compromise concentrating large fund-token authority is real, and the factor is downgraded to yellow rather than not_applicable to keep that signal visible. Per PD-042 (Cat 2 RWA-issuer subset, residual-risk treatment). ORIGINAL EVIDENCE (preserved from v1.6.0 grading): Securitize Deployer EOA (0xd69fefe5) created BUIDL proxy 2024-03-01. 25+ months later admin chain still traces back to this EOA. No setOwner events detected. Only 1 internal tx (creation). Admin = deployer EOA without independent multisig transfer.

Sources #

  • Etherscan
    https://etherscan.io/address/0x7712c34205737192402172409a8f7ccef8aa2aecretrieved 2026-04-26
  • Etherscan
    https://etherscan.io/address/0xd69fefe5df62373dcbde3e1f9625cf334a2dae78retrieved 2026-04-26

Methodology #

Determine whether, at t = deploy+7d, the admin address still equals the deployer EOA with no evidence of transfer to a multisig.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol blackrock-buidl factor RD-F-043 score yellow collected_at 2026-05-12 09:40:42