Admin key custody type
Sanctum's assessment for RD-F-025 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Program upgrade authority held by Squads multisig vault PDA for core programs (Infinity, Router, Unstake). CLOUD supply governed by two cold multisigs (4-of-7 each), each with 3 named external ecosystem signers. Hybrid model: Squads multisig + nascent futarchy governance via MetaDAO. No independent timelock controller identified. Green baseline (multisig exists) but downgraded to yellow due to absent timelock.
Sources
- Docs: $CLOUD Genesis Mint and Accountability. Sanctum $CLOUD Genesis Mint and Accountability blog (referenced in search results; 403 on direct fetch). Retrieved 2026-05-04.
- Sanctum on Solana: Project Review, Programs, Token, Metrics. SolanaCompass project page confirming multi-signature wallets for key protocol functions. Retrieved 2026-05-04.
Methodology
Read the effective admin/owner/upgrader role on deployed contracts and classify as: EOA / multisig / multisig+timelock / full DAO+timelock / immutable.
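One way to carry out the "read the effective upgrader role" step for a Solana upgradeable program, as an added example that is not Sanctum's or the rubric's own code. It assumes the BPF upgradeable loader's ProgramData layout (u32 variant, u64 slot, optional 32-byte authority); the function names and the custody registry are hypothetical, and the sample bytes are constructed. The header only yields an address, so mapping that address to a custody class still needs a reviewed registry.

```python
import struct

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Custody classes exactly as listed in the methodology line above.
CLASSES = ("EOA", "multisig", "multisig+timelock", "full DAO+timelock", "immutable")

def b58encode(raw):
    """Base58-encode raw bytes the way Solana addresses are displayed."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def read_upgrade_authority(data):
    """Parse a ProgramData account; return the authority address or None."""
    if len(data) < 13:
        raise ValueError("too short for a ProgramData header")
    # Layout: u32 variant (3 = ProgramData), u64 deploy slot, Option<Pubkey> tag.
    variant, _slot, tag = struct.unpack_from("<IQB", data, 0)
    if variant != 3:
        raise ValueError("not a ProgramData account (variant %d)" % variant)
    if tag == 0:
        return None  # authority revoked: nobody can upgrade the program
    if tag != 1 or len(data) < 45:
        raise ValueError("malformed upgrade-authority field")
    return b58encode(data[13:45])

def classify(data, known_custody):
    """Map the on-chain authority to one of CLASSES via a reviewed registry."""
    authority = read_upgrade_authority(data)
    if authority is None:
        return "immutable"
    label = known_custody.get(authority, "unclassified")
    if label != "unclassified" and label not in CLASSES:
        raise ValueError("unknown custody class: " + label)
    return label

def sample_programdata(authority):
    """Constructed ProgramData bytes (slot and ELF stub are made up)."""
    head = struct.pack("<IQ", 3, 250_000_000)
    opt = b"\x00" if authority is None else b"\x01" + authority
    return head + opt + b"\x7fELF"

if __name__ == "__main__":
    key = bytes(range(1, 33))  # constructed 32-byte key, not a real address
    registry = {b58encode(key): "multisig"}  # hypothetical curator registry
    print(classify(sample_programdata(key), registry))
    print(classify(sample_programdata(None), registry))
```

An address missing from the registry comes back as "unclassified" rather than being guessed, which keeps an unreviewed authority from silently inheriting a favourable class.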