Role separation: upgrade ≠ fee ≠ oracle

Usual (USD0 / bUSD0 / USUAL)'s assessment for RD-F-035 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Role separation at contract level: USD0_MINT, PAUSING_CONTRACTS_ROLE, BLACKLIST_ROLE, FLOOR_PRICE_UPDATER_ROLE, FEE_SWEEPER_ROLE are distinct roles. However, DEFAULT_ADMIN_ROLE holder (ProxyAdmin Safe 0xaaDa24...) can grant all roles to any address — single-point-of-control at admin layer despite role diversity at contract layer.

Sources #

Etherscan
RegistryAccess implementation — AccessControlDefaultAdminRulesUpgradeableRegistryAccess uses AccessControlDefaultAdminRulesUpgradeable; DEFAULT_ADMIN controlled by 0xaaDa24...retrieved 2026-05-17
Docs
bUSD0 tech docs — role taxonomybUSD0 tech docs: FLOOR_PRICE_UPDATER_ROLE, FEE_SWEEPER_ROLE, PEG_MAINTAINER_ROLE, EARLY_BOND_UNLOCK_ROLE, PAUSING_CONTRACTS_ROLE, DEFAULT_ADMIN_ROLE — 6 distinct rolesretrieved 2026-05-17

Methodology #

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol usual factor RD-F-035 score yellow collected_at 2026-05-16 20:39:44