★ Rescue/emergencyWithdraw without timelock

Raydium's assessment for RD-F-041 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

WithdrawPnl in AMM V4 allows pnl_owner/amm_owner to extract accumulated protocol fees without an independent timelock (multisig threshold required but no separate time delay). CLMM collect_protocol_fee similarly has no independent timelock. These are limited to fee accruals, not full LP fund drainage. Post-Dec 2022 remediation removed the dangerous LP supply inflation + withdrawPNL combination. Current fee withdrawal is multisig-gated but not independently timelocked.

Sources #

URL
CertiK Raydium Exploit Analysis — withdrawPNL functioncertik.com/resources/blog/raydium-protocol-exploit-incident-analysisretrieved 2026-04-29
GitHub
Raydium AMM V4 processor.rs — WithdrawPnl signer check, no timelockgithub.com/raydium-io/raydium-amm processor.rsretrieved 2026-04-29

Methodology #

Determine whether a `rescue(…)` or `emergencyWithdraw(…)` function exists callable by admin without a timelock delay on execution.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol raydium factor RD-F-041 score yellow collected_at 2026-04-29 12:31:55