Emergency-veto multisig present

OpenEden's assessment for RD-F-040 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No emergency-veto mechanism identified. The Safe itself is the only admin entity; no separate guardian with cancel power over the Safe's own transactions. No `cancel()` or veto function in vault V4Impl or USDO source. The USDO PAUSE_ROLE may be separate from Safe but provides only token-transfer freeze, not a governance-level veto.

Sources #

Docs
OpenEden docs — no veto mechanism describeddocs.openeden.com — no emergency-veto multisig described in governance documentationretrieved 2026-05-16
GitHub
Vault V4Impl — no emergency veto mechanismVault V4Impl source: no cancel/veto function; no guardian multisig describedretrieved 2026-05-16

Methodology #

Determine whether an emergency-veto or guardian multisig exists with power to cancel malicious proposals before execution.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol openeden factor RD-F-040 score red collected_at 2026-05-16 10:11:45