defirisk.co
rubric v1.7.0

Sudden admin-rescue/ACL change without discussion

StakeWise v3's assessment for RD-F-123 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CRITICAL FACTOR] On 2025-11-03, following the Balancer v2 exploit, the DAO emergency multisig executed an on-chain ACL change without any preceding SWIP or governance forum discussion: (1) added DAO Safe as osETH and osGNO token controller, (2) burned ~5,041 osETH and 13,495 osGNO from the hacker's wallet, (3) minted equivalent amounts to DAO wallet, (4) revoked controller status — all within the same transaction series on the night of the exploit. SWIP-37 ('Renounce osETH & osGNO Token Contract Ownership') was posted 2025-11-04, the day AFTER the emergency action. The StakeWise governance process document specifies no emergency exception to the standard 3-phase SWIP process. Context for yellow (not red): (a) action was defensive — recovering stolen user funds from an external exploit, not a protocol exploit; (b) immediately and publicly announced on X same evening; (c) controller privileges were self-revoked within the same transaction series; (d) post-hoc governance completed via

Sources #

Methodology #

Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stakewise factor RD-F-123 score yellow collected_at 2026-05-16 01:03:28