defirisk.co
rubric v1.7.0

Hot-patch deploys without timelock (last 30 days)

Ethena's assessment for RD-F-138 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No proxy upgrades to track. Configuration changes (role grants, limit updates, custodian additions) execute via Dev Multisig direct transactions. No hot-patch deployments identified in last 30 days from public sources. Since no timelock exists, any change would bypass it by default — but no emergency hot-patches confirmed in last 30 days.

Sources #

  • Curator note
    Data cache: governance.timelock_address null, governance.type snapshot_only.research/protocols/ethena/00-data-cache.jsonretrieved 2026-04-28

Methodology #

Count upgrades executed in the last 30 days without going through the declared timelock path.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ethena factor RD-F-138 score not_assessed collected_at 2026-04-28 13:58:51