★ Single admin EOA

Multipli's assessment for RD-F-027 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[CRITICAL] MultipliBridger owner is bare EOA 0x151799d9072b0Ca939550906E7E79506bF4BeeE3 with no timelock (confirmed via Etherscan contract read). Avalanche vault owner is bare EOA 0x8cFee31bf3A57EC2C86D9e0f476Bd36aCA611Fa5 (confirmed via Snowtrace). eth_getCode on both = 0x (EOA per profile bootstrap). No multisig, no timelock on any chain.

Sources #

Etherscan
Multipli: Bridger — current owner read confirms bare EOAEtherscan MultipliBridger readContract owner() = 0x151799d9072b0Ca939550906E7E79506bF4BeeE3retrieved 2026-05-17
Etherscan
Avalanche vault RolesAuthority — owner is bare EOA 0x8cFee31bSnowtrace: RolesAuthority 0xf580B985 deployed by 0x8cFee31b; all role-set calls from same EOAretrieved 2026-05-17
Tx
MultipliBridger deploy — EOA deployer confirmed as current ownerMultipliBridger deploy tx 0x894a7fc — deployer = owner = 0x151799d9072b0Ca939550906E7E79506bF4BeeE3retrieved 2026-05-17

Methodology #

Determine whether the effective upgrade/owner/rescue role is held by a single EOA (not a multisig) with no timelock on sensitive operations.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol multipli factor RD-F-027 score red collected_at 2026-05-17 11:48:35