Timelock on sensitive actions

Dolomite's assessment for RD-F-033 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Most admin actions timelocked via PartiallyDelayedMultiSig. Four functions bypass timelock immediately: ownerSetMarketIsClosing (0xef6957d0), ownerSetMarketMaxWei (0x0cd30a0e), ownerSetInterestSetter (0x121fb72f), GLPWrappedTokenUserVaultFactory::setUserVaultImplementation (0x35598a02). These are parameter-setting not fund-drain functions but represent 4 of 5 sensitive action types not fully timelocked.

Sources #

Docs
Dolomite Admin Privileges — timelock bypass functionsdocs.dolomite.io/admin-privileges — bypass functions table with method IDsretrieved 2026-05-16
GitHub
PartiallyDelayedMultiSig.sol — bypass selector mappinggithub.com/dolomite-exchange/dolomite-margin/blob/master/contracts/external/multisig/PartiallyDelayedMultiSig.sol instantData bypass mechanismretrieved 2026-05-16

Methodology #

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dolomite factor RD-F-033 score yellow collected_at 2026-05-16 11:12:56