★ Sudden admin-rescue/ACL change without discussion

Stake DAO's assessment for RD-F-123 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

SDGP-67 (signer replacement PumpkingWok to qqqqqd, posted 2026-05-05) is the primary ACL-change event in the 180-day window. It followed full governance process: 3-day feedback period, 7-day Snapshot vote, 15% quorum requirement, public forum discussion, applicant self-attestation. GitHub commit log (last 30 commits) shows no admin/ACL/owner changes without corresponding tickets. Governance multisig Etherscan shows operational exec-transaction pattern with no sudden undiscussed role-change events. Yellow for residual structural ambiguity: (1) Aragon App 0x82e631fe admin authority unresolved — if it has remaining on-chain admin power, changes there could bypass Snapshot+multisig without appearing in governance forum; (2) timelock delay discrepancy unresolved. Not red — no evidence of an actual undiscussed ACL change found.

Sources #

Governance
SDGP #67 — Multisig Signer Replacement: PumpkingWok to qqqqqdSDGP-67 — signer replacement with full governance process documentedretrieved 2026-05-16
Etherscan
Stake DAO: Governance Multisig — EtherscanGovernance multisig Etherscan — operational exec-transaction pattern, no sudden ACL changesretrieved 2026-05-16
GitHub
stake-dao/contracts-monorepo Recent CommitsGitHub API recent commits — no undiscussed admin changes in last 30 commitsretrieved 2026-05-16

Methodology #

Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stake-dao factor RD-F-123 score yellow collected_at 2026-05-16 12:29:20