Role separation: upgrade ≠ fee ≠ oracle

Midas's assessment for RD-F-035 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Three roles assessed: (1) Upgrade role: ProxyAdmin owner EOA 0x875c06A2 (or Safe 0xB60842E9 for Dec-2025 path). (2) Fee admin: DEPOSIT_VAULT_ADMIN_ROLE / REDEMPTION_VAULT_ADMIN_ROLE holders (distinct from upgrader). (3) Oracle/DataFeed config: separate role per ManageableVault. Roles are architecturally separate but all grantable by DEFAULT_ADMIN_ROLE holder who can collapse them. Two of three roles are demonstrably distinct from upgrader. Yellow: 2-of-3 distinctness confirmed.

Sources #

GitHub
MidasAccessControlRoles.sol — role definitionsMidasAccessControlRoles.sol and ManageableVault.sol: separate role IDs for vault admin, upgrade path, and oracle configretrieved 2026-05-16

Methodology #

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol midas factor RD-F-035 score yellow collected_at 2026-05-16 09:34:55