★ Sudden admin-rescue/ACL change without discussion

Superstate's assessment for RD-F-123 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Superstate uses corporate governance (no public forum, no Snapshot, no DAO). The ProxyAdmin (0xCb8d325C0Af19697B8454481602097f93aa9040F) executed an upgrade tx on 2024-12-06 (tx 0x2bb6bcace2e6d878e4d606d9bc7e676fc734e45716a953bac09ea723200bab2d). GitHub repo shows 0 public issues and commit history shows most recent code changes are post-audit (commit 'Audit Fixes for 04142025 Report' by jakegsy, Apr 14 2025, tied to 0xMacro audit-6). No sudden covert admin-rescue or ACL change identified — changes are post-audit, traceable to published 0xMacro audit reports. Absence of public forum discussion is structural to corporate RWA-issuer model. Scored yellow not red: RWA-issuer corporate governance is the expected model; upgrade is tied to documented audit engagement, not a surprise insider change.

Sources #

GitHub
superstateinc/ustb commit historyGitHub commits — 'Audit Fixes for 04142025 Report' most recent change; post-audit pattern, not covert ACL changeretrieved 2026-05-16
Etherscan
Superstate ProxyAdmin — EtherscanProxyAdmin 0xCb8d325C0Af19697B8454481602097f93aa9040F — last upgrade tx 0x2bb6... on 2024-12-06retrieved 2026-05-16
GitHub
superstateinc/ustb Issues — 0 openGitHub issues — 0 open issues; repo shows 0 public governance discussions by design (corporate model)retrieved 2026-05-16

Methodology #

Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol superstate factor RD-F-123 score yellow collected_at 2026-05-16 00:06:37