defirisk.co
rubric v1.7.0

Admin/upgrade transaction in mempool

Lombard Finance's assessment for RD-F-102 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Admin/upgrade tx in mempool | Applicable: Yes (CRITICAL CONCERN) | Deployer EOA 0x3F6BF1C36CcBb59eAF8415301a0ceC73c344a079 is LombardTimeLock Proposer; 3-of-5 GnosisSafe 0x251a604E8E8f6906d60f8dedC5aAeb8CD38F4892 is Proposer+Executor. LombardTimeLock minDelay = 3600 seconds (1 hour). Most recent Ethereum upgrade: 2026-04-24. The 1-hour timelock means admin-tx-in-mempool detection would give users at most 60 minutes to act after a Timelock scheduling event -- dangerously short at $1.07B TVL. This signal is highly applicable but its utility is structurally impaired by the 1h delay. v1 phase-2 signal requiring mempool listener. Not currently firing (no pending upgrade tx as of 2026-05-05). Hexagate provides some coverage for upgrade/admin patterns. Yellow because structural risk is high even when signal is not currently firing.

Sources #

  • URL
    https://www.lombard.finance/blog/how-top-security-experts-safeguard-the-lbtc-ecosystem/retrieved 2026-05-05
  • Etherscan
    https://etherscan.io/address/0x055E84e7FE8955E2781010B866f10Ef6E1E77e59retrieved 2026-05-05

Methodology #

Detect an admin-role or upgrade transaction appearing in the mempool before confirmation.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lombard factor RD-F-102 score yellow collected_at 2026-05-05 12:03:08