defirisk.co
rubric v1.7.0

Single admin EOA

Hyperlane's assessment for RD-F-027 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

U18 RESOLVED ON-CHAIN. The EIP-1967 admin slot of the Ethereum v3 Mailbox proxy resolves to ProxyAdmin v1 (0x75EE15Ee1B4A75Fa3e2fDF5DF3253c25599cc659). On Dec 26 2022 (deploy day), the deployer EOA called transferOwnership() on ProxyAdmin v1 in tx 0x3db692a662ce7eb633864f84df9548b1844b984305b9061256e36fcaa6bd1452. The new owner is confirmed as 0x12C5AB61Fe17dF9c65739DBa73dF294708f78d23 (decoded from the newOwner parameter in the tx input data). The Safe API confirms that 0x12C5AB61 is a Gnosis Safe 1.3.0 with threshold=3 and 6 owners, NOT a bare EOA.

F027 does not fire: the ProxyAdmin v1 controlling the $132M Mailbox is owned by a 3-of-6 Safe, not a bare EOA. Scored yellow (not red): 3-of-6 is multisig-secured but below the 5-of-8+ peer norm for a $132M bridge, and the upgrade path lacks a timelock (the ProxyAdmin owner Safe can call upgrade directly without delay).

Sources

Methodology

Determine whether the effective upgrade/owner/rescue role is held by a single EOA (not a multisig) with no timelock on sensitive operations.
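
The two decoding steps the evidence summary relies on (admin slot value to ProxyAdmin address, transferOwnership() input data to newOwner), followed by the methodology's EOA test, as an added example that is not part of the curator's tooling. The function names are hypothetical, and the slot word and calldata are constructed from the addresses quoted above rather than fetched from a node.

```python
"""Added example: decode the on-chain values behind a single-admin-EOA check."""

# transferOwnership(address) selector and the EIP-1967 admin slot,
# bytes32(uint256(keccak256("eip1967.proxy.admin")) - 1).
TRANSFER_OWNERSHIP = bytes.fromhex("f2fde38b")
EIP1967_ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"

# Addresses quoted in the evidence summary.
PROXY_ADMIN = "0x75EE15Ee1B4A75Fa3e2fDF5DF3253c25599cc659"
NEW_OWNER = "0x12C5AB61Fe17dF9c65739DBa73dF294708f78d23"

# Constructed inputs (not fetched): the shape eth_getStorageAt and a
# transaction's input field would return for those addresses.
SAMPLE_SLOT_WORD = "0x" + "00" * 12 + PROXY_ADMIN[2:]
SAMPLE_CALLDATA = "0x" + TRANSFER_OWNERSHIP.hex() + "00" * 12 + NEW_OWNER[2:]


def _unhex(value: str) -> bytes:
    return bytes.fromhex(value[2:] if value[:2].lower() == "0x" else value)


def address_from_word(word: bytes) -> str:
    """Return the address in a 32-byte word; reject non-zero padding."""
    if len(word) != 32:
        raise ValueError("expected a 32-byte word")
    if any(word[:12]):
        raise ValueError("upper 12 bytes are not zero")
    return "0x" + word[12:].hex()


def admin_from_slot(slot_value: str) -> str:
    """Decode the value stored at EIP1967_ADMIN_SLOT on the proxy."""
    return address_from_word(_unhex(slot_value))


def decode_transfer_ownership(calldata: str) -> str:
    """Return newOwner from transferOwnership(address) calldata."""
    data = _unhex(calldata)
    if data[:4] != TRANSFER_OWNERSHIP:
        raise ValueError("selector is not transferOwnership(address)")
    if len(data) != 36:
        raise ValueError("expected exactly one 32-byte argument")
    return address_from_word(data[4:])


def single_admin_eoa(owner_code: bytes, has_timelock: bool) -> bool:
    """Methodology check: owner has no contract code and no timelock."""
    return len(owner_code) == 0 and not has_timelock
```

The `owner_code` argument is what `eth_getCode` returns for the owner address; a Safe returns non-empty code, so the check returns False for it even without a timelock, matching "F027 does not fire".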


rubric_version: v1.7.0
protocol: hyperlane
factor: RD-F-027
score: yellow
collected_at: 2026-05-16 23:03:56