Timelock on sensitive actions

Circle USYC's assessment for RD-F-033 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No timelock on any sensitive action: mint via setMinterAllowance, pause via RolesAuthority, sweep/rescue, setOracle, upgradeTo. All gated only by owner EOA check. YieldCoin sweep() and RolesAuthority pause() confirmed as direct owner calls with no timelock intermediary.

Sources #

Etherscan
RolesAuthority impl - pause mechanism no timelockRolesAuthority impl 0xb59B1568 - pause() gated by onlyOwner with no timelock confirmedretrieved 2026-05-16
Etherscan
YieldCoin source - no timelock on sensitive functionsYieldCoin implementation 0xBF0f2F3a ABI shows sweep(address,uint256,address), setMinterAllowance, upgradeTo all as direct owner functionsretrieved 2026-05-16

Methodology #

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol circle-usyc factor RD-F-033 score red collected_at 2026-05-15 21:56:43