Security-Council threshold reduction (RT)
Sanctum's assessment for RD-F-182 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Batch-24 Cat 6B addition. T-09 v1.1 candidate (not yet production-live; pending FP-rate review). Highly relevant to Sanctum's architecture: Drift Protocol (April 2026, Solana, DPRK-attributed, $285M) was preceded by a 3/5→2/5 Security Council threshold reduction + timelock removal, then exploited 6 days later via durable-nonce pre-signed transactions. Sanctum uses Squads multisig for program upgrades (6-of-10 CLOUD supply; 11-member LST upgrade). Same Squads infrastructure; same durable-nonce attack class now confirmed active in Solana DeFi ecosystem. No confirmed threshold reduction on Sanctum's multisigs as of 2026-05-04. Multisig addresses not publicly resolved, preventing on-chain event monitoring. 11-member LST multisig with external reputable signers (Jito, Jupiter, Solblaze) provides stronger social-engineering resistance than Drift's 2-of-5 setup, but the attack class remains relevant.
Sources #
- URLDrift Protocol Hack: How Privileged Access Led to a $285M LossChainalysis — Drift Protocol hack analysis with Security Council threshold reduction detailretrieved 2026-05-04
- Drift Protocol Incident: Multisig Governance Compromise via Durable Nonce ExploitationBlockSec — Drift Protocol multisig governance compromise via durable nonceretrieved 2026-05-04
Methodology #
Detect in real-time whether the bridge/protocol Security Council multisig executes a threshold reduction (e.g. 3/5 → 2/5), timelock removal, or new-signer addition within ≤14 days of either of those events.
See the full factor methodology and distribution across all protocols →