defirisk.co
rubric v1.7.0

Admin key custody type

Save (formerly Solend)'s assessment for RD-F-025 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Upgrade path is a single-key EOA (is_on_curve: True) at RY93CZYe5g6drtG7W9PmHRPzaBLZ1uwihTzayQTmJfh (on-chain authoritative). Lending market owner is 5pHk2TmnqQzRF9L6egy5FfiyBgS7G9cMZ5RFaJAvghzw (controls reserve params only). Treasury/LM use Squads multisigs but these do NOT control program upgrades. Admin key custody type = EOA (worst tier).

Sources #

  • URL
    Save Access Controls — docs.save.financedocs.save.finance/architecture/access-controls — lending market owner and fee receiver rolesretrieved 2026-05-17
  • Internal
    Save protocol profile — upgrade authority and multisig topology.research/protocols/save/00-profile.md §3 and §6retrieved 2026-05-17

Methodology #

Read the effective admin/owner/upgrader role on deployed contracts and classify as: EOA / multisig / multisig+timelock / full DAO+timelock / immutable.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-025 score red collected_at 2026-05-17 15:20:15