Timelock on sensitive actions

stHYPE (Valantis Labs)'s assessment for RD-F-033 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No timelock on any sensitive action (mint, pause, rescue, upgrade). AccessControl delay = 0. No TimelockController deployed. All five action types (mint, pause, rescue, setOracle/rebase, upgrade) are immediately executable by the Safe with no enforced delay.

Sources #

Tx
HyperEVMScan — April 2026 upgrade txhyperevmscan.io tx 0x11482a6a — no timelock contract in upgrade call chainretrieved 2026-05-17
Docs
stHYPE Upgrade and Risk Governancedocs.valantis.xyz/stakedhype/upgrade-and-risk-governance — no on-chain timelock; docs.valantis.xyz/stakedhype/roles-and-controls-registry — all roles held by Safe or immediate sub-contractsretrieved 2026-05-17

Methodology #

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol staked-hype factor RD-F-033 score red collected_at 2026-05-17 13:02:38