Role separation: upgrade ≠ fee ≠ oracle

Compound V3 (Comet)'s assessment for RD-F-035 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

All three governance roles (upgrade, fee/reserve config, oracle config) route through the single Timelock as final executor. Role separation exists at the calldata level (different target contracts, different functions) but all execution concentrates through the same Timelock address. Design choice, not misconfiguration.

Sources #

Etherscan
https://etherscan.io/address/0x316f9708bB98af7dA9c68C1C3b5e79039cD336E3retrieved 2026-04-28
Docs
https://docs.compound.finance/governance/retrieved 2026-04-28

Methodology #

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol compound-v3 factor RD-F-035 score yellow collected_at 2026-04-28 00:20:50