defirisk.co
rubric v1.7.0

Sudden admin-rescue/ACL change without discussion

Uniswap (v2 + v3)'s assessment for RD-F-123 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[CRITICAL — GREEN] V3 core contracts (Factory 0x1F98431c8aD98523631AE4a59f267346ea31F984, Pool implementations) are fully immutable: no owner, no admin key, no upgrade proxy. Admin-rescue events are structurally impossible on core. All governance/periphery changes require complete Compound Bravo process: Temperature Check -> Consensus Check -> On-chain Proposal -> 7-day voting -> 2-day Timelock -> execution. No undiscussed admin change found in 2024-2025. V2 also fully immutable (feeToSetter = address(0)).

Detail #

Combined v2+v3 assessment. V2 core contracts have no governance surface: feeToSetter was the only governance-adjacent address at V2 launch and has since been renounced to address(0). The Uniswap Governor (0x408ED6354d4973f66138C91495F2f2FCbd8724C3) has NO authority over any V2 contract. V3 core pool and factory contracts are immutable (no proxy, no admin key, no upgrade path). Per the governance process docs (https://docs.uniswap.org/concepts/governance/process), all V3 governance changes require: (1) Temperature Check snapshot vote, (2) Consensus Check on gov.uniswap.org forum (≥5 days), (3) On-chain proposal with 7-day voting period, (4) 2-day Timelock delay. No admin-rescue or ACL change event bypassing this process has been identified in 2024-2025 governance history via gov.uniswap.org and Tally search.

Sources #

Methodology #

Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-123 score green collected_at 2026-05-12 10:36:11