★ Sudden admin-rescue/ACL change without discussion
Yearn Finance's assessment for RD-F-123 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
GREEN (critical). Yearn's governance process mandates minimum 3-day forum discussion plus 5-day Snapshot vote before multisig execution (docs.yearn.fi/contributing/governance/proposal-process). YIP-84 (April 2025 signer rotation: Monoloco replaced by Ephy; Lumberg address key-rotation): 30-day public forum discussion period, fully documented rationale, voluntary departure confirmed. OZ TimelockController (0x88Ba032be87d5EF1fbE87336B7090767F367BF73) independently verified at 604800s (7 days) via Etherscan readContract getMinDelay(). No undiscussed or unilateral ACL changes identified in 180-day review window. Yearn's guardian-role design (ychad can nullify but cannot make proposals) further constrains insider-ACL-change risk.
Sources
- OZ TimelockController 0x88Ba032be87d5EF1fbE87336B7090767F367BF73 (Etherscan) — getMinDelay() = 604800 (7 days), independently verified. Retrieved 2026-05-16.
- YIP-84: Proposal to rotate multisig signer (Yearn Governance Forum) — 30-day public discussion, signer rotation with full rationale, April 13 2025. Retrieved 2026-05-16.
- Proposal Process (Yearn Docs) — 3-day forum + 5-day Snapshot vote mandatory. Retrieved 2026-05-16.
Methodology
Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.