★ Rescue/emergencyWithdraw without timelock
Centrifuge's assessment for RD-F-041 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
The Root contract exposes a recoverTokens() function. Root's 48h timelock applies to scheduleRely (granting new ward permissions); it does not apply to recoverTokens(), which existing wards can call directly with no separate timelock pass. The UserEscrow contract constrains token recovery: tokens can only be transferred to the declared destination, not to an arbitrary address. Partial evidence: the BSL-licensed source limits static analysis.
Sources
- Etherscan: https://etherscan.io/address/0x0C1fDfd6a1331a875EA013F3897fc8a76ada5DfC (retrieved 2026-04-27)
- https://code4rena.com/reports/2023-09-centrifuge (retrieved 2026-04-27)
Methodology
Determine whether a `rescue(…)` or `emergencyWithdraw(…)` function exists that an admin can call without a timelock delay on execution.
See the full factor methodology and distribution across all protocols →
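To make the pattern this factor checks concrete, here is an added illustration (not Centrifuge's code, and not taken from the sources above) of the two shapes a token-recovery function can take. `RescueNoDelay` is the shape the factor flags: any ward can sweep tokens in a single transaction. `RescueWithDelay` is a hardened shape that combines the two mitigations the evidence summary mentions, a schedule/execute delay on the recovery itself and a destination fixed at deployment. All contract, function and event names (`recoverTokens`, `scheduleRecovery`, `executeRecovery`, `DELAY`) are hypothetical and chosen for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed by the example.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Weak pattern the factor flags (hypothetical contract): any ward can move
/// any token to any address immediately. The only gate is the ward mapping,
/// so a compromised or rogue ward key drains the contract in one transaction.
contract RescueNoDelay {
    mapping(address => uint256) public wards;

    constructor() { wards[msg.sender] = 1; }

    modifier auth() {
        require(wards[msg.sender] == 1, "not-authorized");
        _;
    }

    function recoverTokens(address token, address to, uint256 amount) external auth {
        require(IERC20(token).transfer(to, amount), "transfer-failed");
    }
}

/// Hardened pattern (hypothetical contract): recovery is scheduled first,
/// becomes executable only after DELAY, can be cancelled while pending, and
/// always pays out to a destination fixed at deployment (escrow-style).
/// The pending schedule is observable on-chain via the event, which gives
/// monitors and users a window to react before funds move.
contract RescueWithDelay {
    uint256 public constant DELAY = 48 hours;   // assumed delay for the example
    address public immutable destination;       // fixed payout address
    mapping(address => uint256) public wards;
    // keccak256(token, amount) => earliest timestamp at which execution is allowed
    mapping(bytes32 => uint256) public schedule;

    event RecoveryScheduled(address indexed token, uint256 amount, uint256 executableAt);
    event RecoveryCancelled(address indexed token, uint256 amount);
    event RecoveryExecuted(address indexed token, uint256 amount);

    constructor(address destination_) {
        wards[msg.sender] = 1;
        destination = destination_;
    }

    modifier auth() {
        require(wards[msg.sender] == 1, "not-authorized");
        _;
    }

    function _id(address token, uint256 amount) internal pure returns (bytes32) {
        return keccak256(abi.encode(token, amount));
    }

    // Step 1: announce the recovery; nothing moves yet.
    function scheduleRecovery(address token, uint256 amount) external auth {
        bytes32 id = _id(token, amount);
        require(schedule[id] == 0, "already-scheduled");
        schedule[id] = block.timestamp + DELAY;
        emit RecoveryScheduled(token, amount, schedule[id]);
    }

    // Optional: abort a pending recovery during the delay window.
    function cancelRecovery(address token, uint256 amount) external auth {
        bytes32 id = _id(token, amount);
        require(schedule[id] != 0, "not-scheduled");
        delete schedule[id];
        emit RecoveryCancelled(token, amount);
    }

    // Step 2: execute only after the delay has elapsed, and only to `destination`.
    function executeRecovery(address token, uint256 amount) external auth {
        bytes32 id = _id(token, amount);
        uint256 readyAt = schedule[id];
        require(readyAt != 0, "not-scheduled");
        require(block.timestamp >= readyAt, "delay-not-elapsed");
        delete schedule[id];
        require(IERC20(token).transfer(destination, amount), "transfer-failed");
        emit RecoveryExecuted(token, amount);
    }
}
```

When applying the methodology to a real deployment, the question to answer for each rescue-style function is which of these two shapes it has: whether the call that actually moves tokens is itself behind a scheduled delay, and whether the recipient is constrained or caller-supplied. A timelock that only covers ward changes (as with scheduleRely in the evidence above) leaves the first shape in place for anyone who is already a ward.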