Admin key custody type
Midas's assessment for RD-F-025 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
ProxyAdmin (0xbf25b58c) is owned by EOA 0x875c06A2 (no bytecode; executed Sep-2024 and Apr-2025 upgrades directly). A Gnosis Safe 0xB60842E9 (1-of-3) is proposer/executor on TimelockController 0xe3eee3e0 (48h delay) for the Dec-2025 upgrade path only. Operational role admin is EOA 0xd4195CF4 making active grant/revoke calls. Architecture is multisig-without-full-timelock on the safe path, and direct-EOA on the ProxyAdmin path. Yellow: multisig exists but the critical ProxyAdmin ownership remains with an EOA.
Sources
- Etherscan, ProxyAdmin owner code tab — EOA confirmed. ProxyAdmin owner confirmed EOA — no bytecode at 0x875c06A295c41c27840b9c9dfda7f3d819d8bc6a. Retrieved 2026-05-16.
- Gnosis Safe admin — Etherscan. Safe 0xB60842E9 is SafeProxy 1.4.1 — confirmed contract type. Retrieved 2026-05-16.
- TimelockController — Etherscan. TimelockController 0xe3eee3e0: minDelay=172800s, proposer/executor=Safe 0xB60842E9. Retrieved 2026-05-16.
Methodology
Read the effective admin/owner/upgrader role on deployed contracts and classify as: EOA / multisig / multisig+timelock / full DAO+timelock / immutable.
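The classification step above, worked through for the control paths in the evidence summary. This is an added example, not the curator's tooling; it runs over a constructed snapshot instead of live RPC calls, and the field names (code, kind, threshold, min_delay, proposers) are assumptions. It reports a class per path and the weakest one, and does not reproduce the rubric's colour scoring.

```python
# Added example: per-path custody classification over a constructed snapshot.
# Keys are the truncated address labels used on this page. "code" stands in for
# an eth_getCode result; "kind" and the other fields are hypothetical names for
# values read from the verified contract (Safe threshold, timelock minDelay).
STATE = {
    "0x875c06A2": {"code": "0x"},  # ProxyAdmin owner: no bytecode
    "0xd4195CF4": {"code": "0x"},  # operational role admin: no bytecode
    "0xB60842E9": {"code": "0x60", "kind": "safe", "threshold": 1, "owners": 3},
    "0xe3eee3e0": {"code": "0x60", "kind": "timelock", "min_delay": 172800,
                   "proposers": ["0xB60842E9"]},
}
PATHS = {  # control paths named in the evidence summary
    "ProxyAdmin owner": "0x875c06A2",
    "Timelock upgrade path": "0xe3eee3e0",
    "Role admin": "0xd4195CF4",
}
# The methodology's classes, ordered weakest to strongest.
RANK = ["EOA", "multisig", "multisig+timelock", "full DAO+timelock", "immutable"]

def classify(addr, state, delayed=False):
    """Classify one controller; `delayed` is True when reached via a timelock."""
    if addr is None:                  # ownership renounced, nobody can upgrade
        return "immutable"
    acct = state[addr]
    if acct["code"] in ("", "0x"):    # no bytecode: externally owned account
        return "EOA"
    if acct["kind"] == "timelock":
        # A timelock is only as strong as its weakest proposer,
        # and a zero delay adds nothing to the path.
        behind = delayed or acct["min_delay"] > 0
        return min((classify(p, state, behind) for p in acct["proposers"]),
                   key=RANK.index)
    if acct["kind"] == "safe":        # threshold is kept in STATE, not scored here
        return "multisig+timelock" if delayed else "multisig"
    raise ValueError(f"unclassified contract at {addr}")

def assess(paths, state):
    """Return each path's class and the weakest class across all paths."""
    per_path = {name: classify(addr, state) for name, addr in paths.items()}
    return per_path, min(per_path.values(), key=RANK.index)

if __name__ == "__main__":
    print(assess(PATHS, STATE))
```

Against live data, the snapshot fields would come from eth_getCode on each controller plus reads of the Safe's threshold and the timelock's minimum delay and proposer role members.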