defirisk.co
rubric v1.7.0

Role separation: upgrade ≠ fee ≠ oracle

Kinetiq's assessment for RD-F-035 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

The protocol design defines distinct roles: upgrade (ProxyAdmin Safe), fee/treasury (TREASURY_ROLE on StakingManager), and oracle config (MANAGER_ROLE on OracleManager). The design intent is role separation. However, the DEFAULT_ADMIN_ROLE (Safe) can reassign all subordinate roles without a timelock, so functional separation depends on Safe discipline. The actual role-holder addresses for MANAGER_ROLE and TREASURY_ROLE are unconfirmed.

Sources

  • GitHub: Kinetiq Code4rena README (role hierarchy)
    Code4rena README: DEFAULT_ADMIN_ROLE, MANAGER_ROLE, TREASURY_ROLE, OPERATOR_ROLE, SENTINEL_ROLE are distinct; OracleManager.sol: MANAGER_ROLE controls oracle params
    Retrieved 2026-05-17

Methodology

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.
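One way to run this check, as an added example that is not defirisk.co's or Kinetiq's own code: replay decoded role grant and revoke events into live holder sets, then report shared holders, unconfirmed roles, and roles an upgrade holder could reassign through DEFAULT_ADMIN_ROLE. It assumes OpenZeppelin-style grant/revoke semantics and that the same Safe owns ProxyAdmin and holds DEFAULT_ADMIN_ROLE; the event list and every address in it are constructed placeholders, and "OWNER" is a stand-in for ProxyAdmin ownership.

```python
from itertools import combinations

# Function under review -> (contract, role), named as on the page. "OWNER" is a
# modelling stand-in for ProxyAdmin ownership, not an AccessControl role.
FUNCTIONS = {"upgrade": ("ProxyAdmin", "OWNER"),
             "fee": ("StakingManager", "TREASURY_ROLE"),
             "oracle": ("OracleManager", "MANAGER_ROLE")}

# Constructed sample: (contract, role, account, granted) in block order.
# Every address is a placeholder, not an on-chain value.
EVENTS = [
    ("ProxyAdmin", "OWNER", "0xSAFE", True),
    ("StakingManager", "DEFAULT_ADMIN_ROLE", "0xSAFE", True),
    ("OracleManager", "DEFAULT_ADMIN_ROLE", "0xSAFE", True),
    ("StakingManager", "TREASURY_ROLE", "0xDEPLOYER", True),
    ("StakingManager", "TREASURY_ROLE", "0xTREASURY", True),
    ("StakingManager", "TREASURY_ROLE", "0xDEPLOYER", False),  # revoked later
    ("OracleManager", "MANAGER_ROLE", "0xORACLEOPS", True),
]

def current_holders(events):
    """Replay grants and revokes into the live holder set per (contract, role)."""
    holders = {}
    for contract, role, account, granted in events:
        members = holders.setdefault((contract, role), set())
        (members.add if granted else members.discard)(account.lower())
    return holders

def separation_report(events, functions=FUNCTIONS):
    holders = current_holders(events)
    live = {name: holders.get(key, set()) for name, key in functions.items()}
    # Pairs of functions that share at least one live holder.
    shared = {(a, b): sorted(live[a] & live[b])
              for a, b in combinations(functions, 2) if live[a] & live[b]}
    # Functions on a contract whose DEFAULT_ADMIN_ROLE is held by an upgrade
    # holder: that holder can regrant the role, so separation is by discipline.
    admin_reach = sorted(
        name for name, (contract, _) in functions.items()
        if name != "upgrade"
        and holders.get((contract, "DEFAULT_ADMIN_ROLE"), set()) & live["upgrade"])
    unconfirmed = sorted(name for name, h in live.items() if not h)
    return {"unconfirmed": unconfirmed, "shared": shared, "admin_reach": admin_reach}

if __name__ == "__main__":
    print(separation_report(EVENTS))
```

An empty "shared" with a non-empty "admin_reach" is the situation the evidence summary describes: holders are distinct today, but one admin key can change that without delay.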


rubric_version: v1.7.0
protocol: kinetiq
factor: RD-F-035
score: yellow
collected_at: 2026-05-17 15:29:57