Guardian/pause-keeper distinct from upgrader

Meteora's assessment for RD-F-034 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No dedicated pause-keeper or guardian role distinct from the upgrade authority found. DBC set_pool_status (admin disables pools) flows through the same multisig-controlled admin path as upgrades. No evidence of a separate, lower-privilege guardian multisig that can act independently of the upgrade path. Partial mitigation: pool-level disable capability does provide some emergency control without requiring a full program upgrade.

Sources #

GitHub
DAMM v2 GitHub — Pool Status AdminMeteoraAg/damm-v2 README — set_pool_status (enable or disable pools) admin function, no separate guardian roleretrieved 2026-05-16
Docs
MeteoraAg GitHub OrganizationMeteoraAg GitHub org — no guardian multisig documentation foundretrieved 2026-05-16

Methodology #

Determine whether a pauser/guardian role exists and is held by an address distinct from the upgrader address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol meteora factor RD-F-034 score yellow collected_at 2026-05-16 10:03:05