★ Single admin EOA

M^0's assessment for RD-F-027 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No EOA admin exists on any core contract. MToken minting gated to MinterGateway; Registrar writes require StandardGovernor or EmergencyGovernor. Deployer EOA retains privileged role on upgradeable periphery proxies only — core $325M TVS-bearing contracts have no EOA admin.

Sources #

GitHub
MToken.sol — m0-foundation/protocol GitHubMToken source: onlyMinterGateway modifier; no owner patternretrieved 2026-05-16
Etherscan
MinterGateway — EtherscanMinterGateway source: NotStandardOrEmergencyGovernor revert; no ownerretrieved 2026-05-16
Etherscan
SwapFacility Proxy — EtherscanSwapFacility proxy admin = M0: Deployer (periphery, not core)retrieved 2026-05-16

Methodology #

Determine whether the effective upgrade/owner/rescue role is held by a single EOA (not a multisig) with no timelock on sensitive operations.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol m0 factor RD-F-027 score green collected_at 2026-05-16 09:46:19