Role separation: upgrade ≠ fee ≠ oracle

Dolomite's assessment for RD-F-035 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The 2-of-3 GnosisSafe controls all privileged functions: oracle config (ownerSetInterestSetter), fee collection (ownerWithdrawExcessTokens), and upgrade-adjacent parameter changes — all through the same PartiallyDelayedMultiSig. No distinct role separation found for upgrade vs fee vs oracle.

Sources #

Docs
Dolomite Admin Privileges — no role separationdocs.dolomite.io/admin-privileges — single admin controls all function categoriesretrieved 2026-05-16

Methodology #

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dolomite factor RD-F-035 score red collected_at 2026-05-16 11:12:56