defirisk.co
rubric v1.7.0

Sudden admin-rescue/ACL change without discussion

mETH Protocol's assessment for RD-F-123 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Three signals drive yellow: (1) Protocol Admin Safe (MLSPEngL1, 0x432ABcCb04DdD86Db9aA91FA3E03Fb566270c9ff) deployed 2026-01-26 with no corresponding governance forum discussion identified for this specific infrastructure change — no Mantle Forum thread or Snapshot vote found for the Jan 2026 admin Safe deployment; (2) TimelockController minDelay = 0 per constructor args and confirmed in docs — any admin role holder can execute changes immediately with no enforced delay window; (3) GitHub PR #7 ('add-new-admin-broadcast LSPMultiSig and MantleCouncil', merged 2023-11-02) had no description and no linked preceding issue. Mitigants preventing red: MIP-25 provided original governance sanction; docs openly acknowledge zero-delay timelock; Bybit hack response (Feb 2025) admin actions were crisis-driven and publicly disclosed. Not a 'sudden admin-rescue' without any governance context.

Sources #

Methodology #

Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol meth-protocol factor RD-F-123 score yellow collected_at 2026-05-16 02:17:50