defirisk.co
rubric v1.7.0

Guardian/pause-keeper distinct from upgrader

JustLend DAO's assessment for RD-F-034 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

pauseGuardian role exists in Comptroller (distinct from upgrader/admin). Comptroller _setPauseGuardian() sets it; _setMintPaused()/_setBorrowPaused() require pauseGuardian or admin. Role separation confirmed at contract level. However, identity of current pauseGuardian address not confirmed via direct Tronscan state read — confidence is medium on whether this is an EOA or the Timelock itself.

Sources #

  • GitHub
    JustLend Comptroller.sol — pauseGuardian roleComptroller.sol: _setPauseGuardian() admin function. _setMintPaused(), _setBorrowPaused(), _setTransferPaused(), _setSeizePaused() check: require(msg.sender == pauseGuardian || msg.sender == admin). Role separation confirmed.retrieved 2026-05-17

Methodology #

Determine whether a pauser/guardian role exists and is held by an address distinct from the upgrader address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol justlend factor RD-F-034 score yellow collected_at 2026-05-17 10:25:32