defirisk.co
rubric v1.7.0

Role separation: upgrade ≠ fee ≠ oracle

JustLend DAO's assessment for RD-F-035 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Partial role separation: upgrade/oracle/collateral roles controlled by Timelock admin. reserveAdmin on jTokens is a separate role (identity unconfirmed). pauseGuardian is separate from admin. anchorAdmin on PriceOracle is separate (identity unconfirmed). Oracle and upgrade appear to share the same Timelock-admin path. Full separation cannot be confirmed without on-chain state reads.

Sources #

  • Etherscan
    JustLend PriceOracle — Tronscan APIPriceOracle TMiNCmvD3zdsv6mk7niBU6NPBzVNjYMQTV Tronscan API: methods include _acceptAnchorAdmin(), _setPendingAnchorAdmin(address), setPrices(address[],uint256[]) — separate anchorAdmin role from main admin.retrieved 2026-05-17
  • GitHub
    JustLend CTokenInterfaces.sol — role separationComptroller.sol: _setPriceOracle() requires admin. CToken.sol: _reduceReserves() requires reserveAdmin. CTokenInterfaces.sol: _setReserveFactor() via admin. PriceOracle API shows _setPendingAnchorAdmin() and setPrices() functions — separate anchorAdmin role.retrieved 2026-05-17

Methodology #

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol justlend factor RD-F-035 score yellow collected_at 2026-05-17 10:25:32