Upgrade multisig signer configuration (M/N)

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-026 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Ops Multisig: 3-of-5 (Safe 1.3.0). Five signers: 0xB64Eb68Da4bfC230CA3B0dCa2D4ce75200f03c9f, 0xb193d7CbCC5eE20903f2Ac268981bF94595bE984, 0xde9B0969F9b7fBE8e9c83e98a49d9358C09b0A09, 0xe41AA443BAD860E6B584060Cc365B58dC34caf92, 0x4bb4c1B0745ef7B4642fEECcd0740deC417ca0a0. Treasury Multisig: 4-of-6 (Safe 1.1.1). 3-of-5 is below peer norm for >$100M TVL protocols.

Sources #

Etherscan
SushiSwap: Operation Multisig — EtherscanOps Multisig Etherscan — confirmed active 2026-05-15 with 264+ ERC-20 tokens heldretrieved 2026-05-17
Internal
00-data-cache.json safe_multisigsdata-cache safe_multisigs[0] and [1]: Ops 3-of-5 owners list, Treasury 4-of-6 owners listretrieved 2026-05-17

Methodology #

Read `threshold` and `getOwners()` on the multisig controlling upgrade / sensitive ops. Store as `required` (M) and `total` (N); render as "M/N". For EOA admins record `required=1, total=1` (display "1/1"). Null when admin is immutable or full DAO with no fixed signer set.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-026 score yellow collected_at 2026-05-16 19:50:37