★ Single admin EOA

Cap (cUSD / stcUSD)'s assessment for RD-F-027 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No EOA holds unilateral upgrade authority. Deployer EOA (0xc1ab...b52) holds only Timelock EXECUTOR role (not proposer). Recent on-chain trace shows deployer routes via Safe execTransaction, not direct Timelock.execute() calls.

Sources #

Etherscan
Cap Deployer 1 EOA transaction historyCap Deployer 1 (0xc1ab...b52) recent txs show execTransaction to Safe 0xb8FC..., not direct Timelock execute callsretrieved 2026-05-17
Etherscan
Cap TimelockController — role configurationTimelockController constructor: executors=[0xb8FC49402dF3ee4f8587268FB89fda4d621a8793, 0xc1ab5a9593E6e1662A9a44F84Df4F31Fc8A76B52]. Proposer = dev multisig only.retrieved 2026-05-17

Methodology #

Determine whether the effective upgrade/owner/rescue role is held by a single EOA (not a multisig) with no timelock on sensitive operations.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol cap factor RD-F-027 score green collected_at 2026-05-17 10:56:24