Timelock on sensitive actions

M^0's assessment for RD-F-033 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Core protocol sensitive actions (Minter list, Validator list, rate parameters via setKey/addToList) route through StandardGovernor or EmergencyGovernor with TTG delays. No timelock on periphery proxy upgrades — deployer EOA direct. Split coverage: core timelocked via TTG; periphery upgrades not timelocked.

Sources #

GitHub
TTG Registrar — EtherscanTTG Registrar source: NotStandardOrEmergencyGovernor revert gates all setKey/addToListretrieved 2026-05-16
Etherscan
SwapFacility Proxy — EtherscanSwapFacility proxy admin = EOA; no TimelockController found on chainretrieved 2026-05-16

Methodology #

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol m0 factor RD-F-033 score yellow collected_at 2026-05-16 09:46:19