★ Single admin EOA

Lista DAO's assessment for RD-F-027 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Admin is 3-of-6 multisig, not an EOA. Deployer EOA 0xd7e38800 holds only CANCELLER_ROLE and DEFAULT_ADMIN_ROLE on Timelock — not PROPOSER/EXECUTOR. No single EOA can execute privileged operations without multisig co-signers.

Sources #

Etherscan
Lista DAO Lending TimeLock role assignments — BscScanTimelock readContract: PROPOSER_ROLE=0x8d388136 (multisig); DEFAULT_ADMIN_ROLE=0xd7e38800 (EOA, canceller only)retrieved 2026-05-12
URL
Lista DAO Governance Multisig active use — Safe APISafe API confirms multisig is live governance address with nonce=2211retrieved 2026-05-12

Methodology #

Determine whether the effective upgrade/owner/rescue role is held by a single EOA (not a multisig) with no timelock on sensitive operations.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lista-dao factor RD-F-027 score green collected_at 2026-05-12 17:54:05