Guardian/pause-keeper distinct from upgrader

OpenEden's assessment for RD-F-034 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The `controller` role in the vault manages deposit/withdraw pause states and is distinct from the `owner` (Safe) which controls upgrades. setController() is callable by owner (Safe), but the controller itself is a separate address from the upgrade authority.

Sources #

GitHub
Vault V4Impl — controller vs owner role separationOpenEdenVaultV4Impl.sol: controller variable (setController by owner); separate from _authorizeUpgrade (onlyOwner). Controller manages pause states.retrieved 2026-05-16

Methodology #

Determine whether a pauser/guardian role exists and is held by an address distinct from the upgrader address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol openeden factor RD-F-034 score green collected_at 2026-05-16 10:11:45