Role separation: upgrade ≠ fee ≠ oracle

Save (formerly Solend)'s assessment for RD-F-035 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Three distinct addresses documented: upgrade authority (RY93CZYe...), lending market owner (5pHk2TmnqQzRF9L6egy5FfiyBgS7G9cMZ5RFaJAvghzw), fee receiver (9RuqAN42PTUi9ya59k9suGATrkqzvb9gk2QABJtQzGP5). Oracle config is per-reserve via lending market owner. Addresses differ on-chain. Partial role separation exists at address level. However, all power ultimately reduces to the upgrade authority EOA since program upgrades override all other roles. Yellow: partial separation but no structural guarantee.

Sources #

URL
Save Architecture Addressesdocs.save.finance/architecture/addresses — three distinct role addressesretrieved 2026-05-17

Methodology #

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-035 score yellow collected_at 2026-05-17 15:20:15