Role separation: upgrade ≠ fee ≠ oracle
Orca's assessment for RD-F-035 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Three distinct roles identified: upgrade authority (Squads vault PDA), fee_authority (WhirlpoolConfig parameter — set_fee_authority instruction), collect_protocol_fees_authority (set_collect_protocol_fees_authority instruction). No oracle role (no oracle in swap path — F180 N/A). Upgrade and fee roles are distinct Solana account roles, both gated through the Squads multisig but assigned separately.
Sources #
- URLOrca Whirlpool Parameters — fee authority and config authority roleshttps://dev.orca.so/Architecture%20Overview/Whirlpool%20Parameters/retrieved 2026-05-16
- Whirlpool program lib.rs (Anchor/Rust — confirms non-EVM substrate)https://github.com/orca-so/whirlpools/blob/main/programs/whirlpool/src/lib.rsretrieved 2026-05-16
Methodology #
Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol orca factor RD-F-035 score green collected_at 2026-05-16 02:39:16