Emergency-veto multisig present
Liquid Collective (LsETH)'s assessment for RD-F-040 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No dedicated emergency-veto multisig or guardian role exists. TUPProxy admin (Proxy Admin Safe) holds pause authority but is the same entity with full upgrade authority — not an independent check. No separate veto entity exists that could block a malicious Proxy Admin Safe upgrade proposal. The only 'emergency' mechanism is the same Safe that could be the threat vector.
Sources #
- DocsLiquid Collective architecture — no emergency-veto multisig documenteddocs.liquidcollective.io/eth/overview/architecture — no veto mechanism describedretrieved 2026-05-17
- TUPProxy.sol — no independent veto/guardian roleliquid-collective/liquid-collective-protocol/blob/main/contracts/src/TUPProxy.sol — pause controlled by same admin as upgraderetrieved 2026-05-17
Methodology #
Determine whether an emergency-veto or guardian multisig exists with power to cancel malicious proposals before execution.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol liquid-collective factor RD-F-040 score red collected_at 2026-05-16 19:46:23