Admin key custody type

OpenEden's assessment for RD-F-025 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Admin is a 4-of-5 Gnosis Safe (0x8Ec4dD2DF01c188Ac5a5D870029E9cbb820d5844, Safe v1.3.0) with no timelock. Classified as multisig (no timelock). Confirmed as DEFAULT_ADMIN_ROLE holder on TBILL Price Oracle and as the caller of the 2025-08-14 vault upgrade via execTransaction. Yellow because multisig exists (not EOA) but no timelock protects any sensitive action.

Sources #

Etherscan
TBILL Vault V5 upgrade transaction (2025-08-14)Upgrade tx 0xf162138b6ff3526a0af3f9d7cdd953440801489a7b0e9b611c1b2aa311534f9e — Safe execTransaction to vault proxyretrieved 2026-05-16
Etherscan
TBILL Price Oracle — admin role confirmationTBILL Price Oracle 0xCe9a6626 readContract — DEFAULT_ADMIN_ROLE = 0x8Ec4dD2DF01c188Ac5a5D870029E9cbb820d5844retrieved 2026-05-16

Methodology #

Read the effective admin/owner/upgrader role on deployed contracts and classify as: EOA / multisig / multisig+timelock / full DAO+timelock / immutable.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol openeden factor RD-F-025 score yellow collected_at 2026-05-16 10:11:45