Emergency-veto multisig present

Veda (BoringVault)'s assessment for RD-F-040 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No emergency-veto multisig found at the protocol level. Pauser.sol provides emergency pause on Manager but cannot veto TimelockController-scheduled operations. The TimelockController's controlling 3-of-5 Safe is also the proposer, executor, and admin — no external canceller role. A compromised 3-of-5 quorum can execute without any veto.

Sources #

GitHub
Pauser.sol — emergency pause for Manager onlyPauser.sol present for Manager pause onlyretrieved 2026-05-17
Tx
TimelockController constructor — single 3-of-5 Safe has all roles, no vetoTimelockController constructor: proposers=[0xD6E47E0F], executors=[0xD6E47E0F], admin=0xD6E47E0F — 3-of-5 Safe has all roles, no external cancellerretrieved 2026-05-17

Methodology #

Determine whether an emergency-veto or guardian multisig exists with power to cancel malicious proposals before execution.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-040 score red collected_at 2026-05-17 12:41:22