★ Sudden admin-rescue/ACL change without discussion
Orca's assessment for RD-F-123 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
All Whirlpools program upgrades must pass through the Squads v4 multisig (3-of-10, 86400s = 24h on-chain timelock) — pipeline-verified. The 24h timelock is genuine (not a documentation claim). Governance Council changes are deliberated via forums.orca.so proposals with public comment periods and on-chain Realms tokenholder votes with veto windows. No evidence of sudden ACL changes executed without preceding public discussion. The governance forum (forums.orca.so) maintains a public, indexed record of proposals dating from 2022, and on-chain Realms proposals (governance.orca.so) provide additional auditability. Contrast with Drift Protocol comparator (RD-F-182 class): Orca's timelock is genuine and the access-control change process is public.
Sources #
- URLOrca Governance Council Technical Proposal — public ACL/governance structure discussionhttps://forums.orca.so/t/governance-council-technical-proposal/178retrieved 2026-05-16
- Data cache — Squads v4 on-chain timelock pipeline verification (86400s, 3-of-10)cache: sources.solana_multisigs[0] — verified_time_lock_seconds=86400, threshold=3, members=10; pipeline trace 4PyKvttqohcw8KVVwdNoFGSAjFNjvyNAtK7xasSzamW5nZei3RT3jrgtuYqVqXHD5rJ27hoJ61mboH6HVJ6sTjefretrieved 2026-05-16
- Orca Governance Proposals forum — public proposal history indexhttps://forums.orca.so/c/governance-proposals/5retrieved 2026-05-16
Methodology #
Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.
See the full factor methodology and distribution across all protocols →