Emergency-veto multisig present

Concrete's assessment for RD-F-040 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No emergency-veto multisig identified. The 3-of-5 Safe is the sole admin entity. No separate guardian with veto authority over malicious proposals. A malicious upgrade would have no independent veto mechanism.

Sources #

Etherscan
ConcreteFactory owner Safe — sole admin entity (no veto guardian)Single Safe (0xdc29BD10) is the only admin entity; no separate guardian/veto contract foundretrieved 2026-05-17

Methodology #

Determine whether an emergency-veto or guardian multisig exists with power to cancel malicious proposals before execution.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol concrete factor RD-F-040 score red collected_at 2026-05-17 14:36:59