★ Sudden admin-rescue/ACL change without discussion
ether.fi's assessment for RD-F-123 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
ether.fi uses a 1-hour minimum timelock (EtherFiTimelock 0x9f26d4C958fD811A1F59B01B86Be7dFFc9d20761) for contract upgrades, with Safe multisig (0xcdd57D11476c22d265722F68390b036f3DA48c21, 154 txns) as proposer/executor. Governance forum (governance.ether.fi) contains no dedicated ACL, RoleRegistry, or access-control-change discussion threads — forum focuses on tokenomics and treasury governance. No governance-forum thread found within ±14 days of known upgrade events (EtherFiNodesManager impl 2026-02-02; weETH impl 2025-08-07 per profile §2). Safe Exec Transactions could not be decoded to individual payloads via public fetch. Not scored RED because: (1) the 1-hour timelock provides on-chain notice; (2) Certora ongoing FV programme (15 reports 2024-2026) implies pre-deploy technical review; (3) the ether.fi governance model separates operational technical upgrades from Snapshot governance votes; (4) no specific undiscussed admin-rescue-type event was affirmatively identified. Scored YEL
Sources
- Governance | ether.fi Governance Forum: ether.fi governance forum — no ACL/RoleRegistry threads found (retrieved 2026-04-28)
- EtherFiTimelock (0x9f26d4C958fD811A1F59B01B86Be7dFFc9d20761) | Etherscan: EtherFiTimelock 1-hour min delay (on-chain getMinDelay = 3600s) (retrieved 2026-04-28)
- Admin multisig (0xcdd57D11476c22d265722F68390b036f3DA48c21) | Etherscan: Admin multisig — 154 Exec Transactions; payloads not decoded (retrieved 2026-04-28)
Methodology
Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.
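One way to run the ±14-day correlation described above, as an added example that is not the curator's own tooling. The upgrade dates come from the evidence summary; the forum threads are constructed sample data that do not reflect the real forum, and the keyword pattern is an assumption based on the topics the summary searched for.

```python
import re
from datetime import date, timedelta

WINDOW = timedelta(days=14)  # the +/-14-day window used in the evidence summary

# Assumed keyword pattern. Word boundaries matter: a plain substring test
# for "acl" would also match "oracle".
RELEVANT = re.compile(r"\b(acl|roleregistry|access[- ]control|upgrade|rescue)\b", re.I)

# Upgrade events as dated in the evidence summary.
UPGRADES = [
    ("EtherFiNodesManager impl", date(2026, 2, 2)),
    ("weETH impl", date(2025, 8, 7)),
]

# Constructed sample threads (NOT real governance.ether.fi data).
THREADS = [
    ("Treasury buyback parameters", date(2026, 1, 28)),
    ("Oracle committee update", date(2026, 2, 1)),
    ("Proposal: RoleRegistry upgrade for weETH", date(2025, 7, 30)),
    ("Access control review", date(2025, 6, 1)),
]

def is_relevant(title):
    """True if the thread title mentions an access-control or upgrade topic."""
    return RELEVANT.search(title) is not None

def correlate(upgrades, threads, window=WINDOW):
    """Map each upgrade to the relevant threads dated within +/- window of it."""
    return {
        name: [title for title, posted in threads
               if is_relevant(title) and abs(posted - when) <= window]
        for name, when in upgrades
    }

def undiscussed(upgrades, threads, window=WINDOW):
    """Upgrades with no relevant thread in the window: candidates for manual review."""
    return [name for name, hits in correlate(upgrades, threads, window).items()
            if not hits]

if __name__ == "__main__":
    for name, hits in correlate(UPGRADES, THREADS).items():
        print(name, "->", hits or "no discussion found in window")
```

An empty result for an upgrade is a prompt for manual review of the timelock and multisig transactions, not proof that no discussion took place.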