diff --git a/data/submissions/maple/all/Chat-2026-05-30.json b/data/submissions/maple/all/Chat-2026-05-30.json
new file mode 100644
index 0000000000..7e40ecda43
--- /dev/null
+++ b/data/submissions/maple/all/Chat-2026-05-30.json
@@ -0,0 +1,1212 @@
+[
+ {
+ "schema_version": 4,
+ "slug": "maple",
+ "slice": "control",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-29",
+ "model": "gpt-5.5-thinking",
+ "chat_url": "https://chatgpt.com/s/t_6a1a1a8deda08191ad91dcdbd1627ea1",
+ "grading_basis": "mixed",
+ "grade": "orange",
+ "headline": "T1/T2 admin power runs through a 3-day GovernorTimelock plus non-Security-Council multisigs; emergency pause and some Base/admin surfaces remain weaker or partly unverifiable.",
+ "short_headline": "3-day T1 control",
+ "rationale": {
+ "findings": [
+ {
+ "code": "C1",
+ "text": "On Ethereum, MapleGlobals reports governor/admin 0x2eFF... and securityAdmin 0x6b1A..., while the syrupUSDC PoolManager reports governor 0x2eFF..., globals 0x804a..., withdrawalManager 0x1bc47... and poolPermissionManager 0xBe10...."
+ },
+ {
+ "code": "C2",
+ "text": "Core control surfaces are mixed/upgradeable: MapleGlobals, PoolManager, PoolPermissionManager and MapleCCIPReceiver are proxied or expose implementation setters; the PoolPermissionManager proxy is administered by the 4-of-7 DAO multisig, and MapleGlobals is governed by GovernorTimelock."
+ },
+ {
+ "code": "C3",
+ "text": "The uncontested GovernorTimelock path has MIN_DELAY 86400 seconds and defaultTimelockParameters [259200,172800], so the default schedule-to-execute delay observed for GovernorTimelock-governed privileged actions is 259200 seconds; Pool Delegate timelock docs describe a separate pool-upgrade path whose parameters can be retroactively changed by Governor."
+ },
+ {
+ "code": "C4",
+ "text": "Reachable multisigs identified in this run include the Ethereum DAO multisig 4-of-7, Ethereum securityAdmin 3-of-6, legacy/pinned globalAdmin 2-of-3 whose current reachability was not proven, and Base governor 3-of-5; signer identities/non-insider status were not verified, so none qualifies as a Security Council in this run."
+ },
+ {
+ "code": "C5",
+ "text": "Docs describe SYRUP governance, but the privileged on-chain execution surface fetched in this run is a GovernorTimelock/role-admin mechanism rather than a fully parameterized token-weighted Governor with readable proposal threshold, voting period and quorum; those constants were not verified."
+ },
+ {
+ "code": "C6",
+ "text": "Emergency power is separate from the Governor path: official docs and MapleGlobals state show securityAdmin 0x6b1A... can participate in global/per-contract pause controls, and the security page says a multisig can temporarily disable almost all Maple functions."
+ },
+ {
+ "code": "C7",
+ "text": "Worst verified blast radius is T1/T2: the Governor/Globals/PoolManager surfaces can upgrade core components, set protocol pause, set price oracles/manual override prices, change liquidity caps, change pool permission manager/withdrawal manager and configure strategies; pause and withdrawal-manager/oracle changes are fund-critical or economically material."
+ }
+ ],
+ "steelman": {
+ "red": "Red case: if the securityAdmin or an unverified Base admin can pause or reroute user-fund flows with no delay and no on-chain cap, users face a fund-critical hot-admin path.",
+ "orange": "Orange case: the main Ethereum T1/T2 path is governed by a 3-day GovernorTimelock and multisigs that fail the Security Council standard, while emergency pause is held by a 3-of-6 multisig and Base admin surfaces are partly unverifiable.",
+ "green": "Green case: the principal GovernorTimelock path is on-chain, has a readable delay, and the DAO multisig is 4-of-7 rather than a single EOA or 2-of-3 hot key."
+ },
+ "verdict": "Choosing orange because the highest reachable tier includes T1/T2 actions such as core upgrades, pause, oracle/manual override and withdrawal-manager or permission-manager changes, but the main Ethereum GovernorTimelock path is 259200 seconds rather than zero; the responsible multisigs do not meet the Security Council standard and several Base/emergency surfaces were not fully auditable in this run."
+ },
+ "evidence": [
+ {
+ "url": "https://docs.maple.finance/",
+ "shows": "Official docs describe Maple as a digital asset lending platform using compliance and due diligence, and Syrup as making Maple's institutional lending marketplace available through DeFi."
+ },
+ {
+ "url": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration",
+ "shows": "Official deployed-contracts/integration page lists Syrup smart-contract addresses, PoolPermissionManager, direct requestRedeem integration and Maple JS ABI references."
+ },
+ {
+ "url": "https://github.com/maple-labs/maple-core-v2",
+ "shows": "Public Maple V2 core repository contains the core smart contracts, submodules for globals, pool-v2, pool-permission-manager and withdrawal-manager-queue, and links audit reports/bug bounty."
+ },
+ {
+ "url": "https://github.com/maple-labs/maple-js",
+ "shows": "Public Maple JavaScript SDK for interacting with Maple smart contracts; README documents installation, network address exports and transaction helpers."
+ },
+ {
+ "url": "https://github.com/maple-labs/maple-cross-chain-receiver",
+ "shows": "Public Maple cross-chain receiver repository describes the Chainlink CCIP-powered receiver module for cross-chain Maple deposits/redemptions."
+ },
+ {
+ "url": "https://docs.maple.finance/technical-resources/security/security",
+ "shows": "Official security page lists audits including November 2025 Withdrawal Manager audits by Spearbit/Sherlock, January 2026 CCIP Receiver audits by Dedaub/Sigma Prime, emergency pause, oracle protections and bug bounty."
+ },
+ {
+ "url": "https://github.com/maple-labs/maple-v2-audits/blob/main/README.md",
+ "shows": "Public Maple V2 audit README lists older Maple V2 reports, including Trail of Bits, Spearbit and Three Sigma coverage."
+ },
+ {
+ "url": "https://immunefi.com/bug-bounty/maple/information/",
+ "shows": "Immunefi Maple bug bounty page shows live bounty metadata, maximum smart-contract bounty of $500,000, and scope information."
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b",
+ "shows": "Ethereum GovernorTimelock surfacer verifies the timelock contract, default delay values and role-management/write surface.",
+ "chain": "Ethereum",
+ "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196",
+ "shows": "Ethereum DAO multisig is a Safe with threshold 4 of 7 owners.",
+ "chain": "Ethereum",
+ "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x6b1A78C1943b03086F7Ee53360f9b0672bD60818",
+ "shows": "Ethereum securityAdmin is a multisig with threshold 3 of 6 owners.",
+ "chain": "Ethereum",
+ "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C",
+ "shows": "MapleGlobals is a proxy governed by GovernorTimelock, with operationalAdmin and securityAdmin addresses surfaced and upgrade/pause/oracle write methods visible.",
+ "chain": "Ethereum",
+ "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C"
+ },
+ {
+ "url": "https://defipunkd.com/address/8453/0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE",
+ "shows": "Base governor is a Gnosis Safe L2 multisig with threshold 3 of 5 owners.",
+ "chain": "Base",
+ "address": "0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b",
+ "shows": "Ethereum GovernorTimelock is verified by the read surfacer; MIN_DELAY is 86400 seconds, MIN_EXECUTION_WINDOW is 86400 seconds, defaultTimelockParameters is [259200,172800], and write surface includes scheduleProposals, executeProposals, setDefaultTimelockParameters, setFunctionTimelockParameters, updateRole and withdrawERC20Token.",
+ "chain": "Ethereum",
+ "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196",
+ "shows": "Ethereum DAO multisig is a Safe 1.3.0 with threshold 4 and 7 owners at the pinned block.",
+ "chain": "Ethereum",
+ "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x6b1A78C1943b03086F7Ee53360f9b0672bD60818",
+ "shows": "Ethereum securityAdmin is a multisig with threshold 3 and 6 owners at the pinned block.",
+ "chain": "Ethereum",
+ "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x0D8b2C1F11c5f9cD51de6dB3b256C1e3b0800200",
+ "shows": "Pinned globalAdmin address is a multisig with threshold 2 and 3 owners; this run did not prove it remains on the current MapleGlobals upgrade path.",
+ "chain": "Ethereum",
+ "address": "0x0D8b2C1F11c5f9cD51de6dB3b256C1e3b0800200"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C",
+ "shows": "Ethereum MapleGlobals is a NonTransparentProxy with implementation 0x9BeAbb1B6F3ad1DdB87b65148BA5Eb6102334956; admin/governor are 0x2eFF..., operationalAdmin is 0xCe1c..., securityAdmin is 0x6b1A..., protocolPaused is false, and write surface includes setProtocolPause, setContractPause, setFunctionUnpause, setPriceOracle, setManualOverridePrice, setImplementation and fee/validity setters.",
+ "chain": "Ethereum",
+ "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F",
+ "shows": "syrupUSDC PoolManager is a proxy with governor 0x2eFF..., globals 0x804a..., poolPermissionManager 0xBe10..., withdrawalManager 0x1bc47..., liquidityCap 2500000000000000, and write surface including setImplementation, setLiquidityCap, setPoolPermissionManager, setWithdrawalManager, setIsStrategy, requestRedeem and requestWithdraw.",
+ "chain": "Ethereum",
+ "address": "0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0xBe10aDcE8B6E3E02Db384E7FaDA5395DD113D8b3",
+ "shows": "PoolPermissionManager is an upgradeable proxy; admin is the DAO multisig 0xd6d4..., globals is 0x804a..., and write methods include configurePool, setLenderAllowlist, setLenderBitmaps, setPermissionAdmin, setPoolBitmaps, setPoolPermissionLevel and setImplementation.",
+ "chain": "Ethereum",
+ "address": "0xBe10aDcE8B6E3E02Db384E7FaDA5395DD113D8b3"
+ },
+ {
+ "url": "https://docs.maple.finance/technical-resources/admin-functions/governor-admin-actions",
+ "shows": "Official admin docs list Governor-permissioned actions on Globals, PoolManager, PoolPermissionManager, Strategies and upgrades; examples include setProtocolPause, setPriceOracle, setLiquidityCap, setPoolPermissionManager, setLenderAllowlist and upgrades of Globals, Liquidator and Withdrawal Manager."
+ },
+ {
+ "url": "https://docs.maple.finance/technical-resources/admin-functions/timelocks",
+ "shows": "Official timelock docs state Governor privileged actions route through GovernorTimelock; PoolManager/LoanManager/WithdrawalManager upgrades use Pool Delegate timelocks, and the Governor can change timelock parameters retroactively."
+ },
+ {
+ "url": "https://docs.maple.finance/technical-resources/security/emergency-protocol-pause",
+ "shows": "Official emergency-pause docs state global pause can be called by Governor or securityAdmin, and granular pausing includes protocol-level, per-contract and per-function unpause controls."
+ },
+ {
+ "url": "https://defipunkd.com/address/8453/0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE",
+ "shows": "Base governor address is a Gnosis Safe L2 multisig with threshold 3 and 5 owners at the pinned Base block.",
+ "chain": "Base",
+ "address": "0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE"
+ },
+ {
+ "url": "https://defipunkd.com/address/8453/0x6150371231f783e97906af4861Bc1eD11cE1c9Ea",
+ "shows": "Pinned Base securityAdmin address did not resolve to a verified ABI through the surfacer; owner/admin/governor reads were only exposed as generic fallback URLs, so actor class and scope were not verified.",
+ "chain": "Base",
+ "address": "0x6150371231f783e97906af4861Bc1eD11cE1c9Ea"
+ }
+ ],
+ "unknowns": [
+ "C1: Base globals/securityAdmin owner/admin/governor reads could not be decoded because the pinned Base addresses did not resolve to verified ABIs in this run.",
+ "C2: Exact proxy admin and implementation for every pinned Base and legacy address were not verified.",
+ "C3: Pool Delegate timelock parameter for each live PoolManager/LoanManager/WithdrawalManager path was not exhaustively read; docs state these are mutable by Governor.",
+ "C4: Signer identities and insider/non-insider classifications for all multisigs were not verified.",
+ "C5: On-chain voting proposal threshold, voting period and quorum constants were not found/read for a token-weighted Governor in this run.",
+ "C6: Maximum duration of securityAdmin emergency pause was not verified on-chain.",
+ "C7: Per-function bounds for fee/oracle/strategy/permission setters were not fully audited from source."
+ ],
+ "protocol_metadata": {
+ "github": [
+ "https://github.com/maple-labs/maple-core-v2",
+ "https://github.com/maple-labs/maple-js",
+ "https://github.com/maple-labs/maple-cross-chain-receiver"
+ ],
+ "docs_url": "https://docs.maple.finance/",
+ "audits": [
+ {
+ "firm": "Trail of Bits",
+ "url": "https://github.com/maple-labs/maple-v2-audits/blob/main/README.md",
+ "date": "2022-08-24"
+ },
+ {
+ "firm": "Spearbit",
+ "url": "https://docs.maple.finance/technical-resources/security/security",
+ "date": "2025-11"
+ },
+ {
+ "firm": "Sigma Prime",
+ "url": "https://docs.maple.finance/technical-resources/security/security",
+ "date": "2026-01"
+ }
+ ],
+ "governance_forum": null,
+ "voting_token": null,
+ "bug_bounty_url": "https://immunefi.com/bug-bounty/maple/information/",
+ "security_contact": null,
+ "deployed_contracts_doc": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration",
+ "admin_addresses": [
+ {
+ "chain": "Ethereum",
+ "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196",
+ "role": "DAO multisig / GovernorTimelock role manager",
+ "actor_class": "multisig"
+ },
+ {
+ "chain": "Ethereum",
+ "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b",
+ "role": "GovernorTimelock / MapleGlobals governor",
+ "actor_class": "timelock"
+ },
+ {
+ "chain": "Ethereum",
+ "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818",
+ "role": "securityAdmin multisig",
+ "actor_class": "multisig"
+ },
+ {
+ "chain": "Ethereum",
+ "address": "0xCe1cE7c7F436DCc4E28Bc8bf86115514d3DC34E8",
+ "role": "operationalAdmin",
+ "actor_class": "unknown"
+ },
+ {
+ "chain": "Base",
+ "address": "0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE",
+ "role": "Base governor multisig",
+ "actor_class": "multisig"
+ }
+ ],
+ "upgradeability": "mixed",
+ "about": "Maple is an on-chain lending and asset-management protocol where lenders deposit stablecoins into pools such as syrupUSDC and syrupUSDT, and pool assets are deployed into institutional credit, liquidity provisioning, and related yield strategies. Syrup exposes Maple's institutional lending market through DeFi integrations; smart-contract deposits route through SyrupRouter and PoolPermissionManager, while withdrawals use requestRedeem into a FIFO queue."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "maple",
+ "slice": "ability-to-exit",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-29",
+ "model": "gpt-5.5-thinking",
+ "chat_url": "https://chatgpt.com/s/t_6a1a1a8deda08191ad91dcdbd1627ea1",
+ "grading_basis": "mixed",
+ "grade": "orange",
+ "headline": "Users can request redemption on-chain, but exits are queue-processed by Maple/Maple Direct, can take up to 30 days, and broad pause powers lack a verified cap.",
+ "short_headline": "Queued, pausable exits",
+ "rationale": {
+ "findings": [
+ {
+ "code": "E1",
+ "text": "User-facing exit methods observed for the Pool/PoolManager family include withdraw, redeem, requestRedeem and requestWithdraw; official integration docs present requestRedeem(uint256,address) as the direct withdrawal request path."
+ },
+ {
+ "code": "E2",
+ "text": "This run did not fully recover source-level modifiers for every exit function, but the official flow shows withdrawal request placement is a user transaction while processing is done by Maple/Maple Direct through the queue."
+ },
+ {
+ "code": "E3",
+ "text": "Pause guards are broad: Maple security docs state an emergency multisig can trigger a protocol pause that temporarily disables almost all functions, and emergency-pause docs state Governor or securityAdmin can apply protocol-level and contract-level pause controls; no maximum pause duration was verified on-chain."
+ },
+ {
+ "code": "E4",
+ "text": "Emergency pause and governance pause are distinct: securityAdmin can act on the global/per-contract pause path, while Governor also has pause controls through MapleGlobals/GovernorTimelock."
+ },
+ {
+ "code": "E5",
+ "text": "Queued redemption is explicit: withdrawals are FIFO, processed automatically/by Maple when liquidity is available, expected under 2 days but can take up to 30 days, and completion sends assets directly to the wallet without a separate user claim transaction."
+ },
+ {
+ "code": "E6",
+ "text": "No forced-exit or adversarial-admin escape hatch was verified; the documented fallback for liquidity is queue processing or secondary-market swap, not a permissionless bypass of paused queue processing."
+ },
+ {
+ "code": "E7",
+ "text": "Exit initiation is directly callable on-chain because docs provide a requestRedeem integration snippet and Pool/PoolManager ABIs list requestRedeem/requestWithdraw; the official frontend is not required for request placement."
+ }
+ ],
+ "steelman": {
+ "red": "Red case: a broad protocol pause with no verified time cap could block withdrawal requests or queue processing, and users have no separate claim-of-finalized-funds transaction to bypass admin-controlled processing.",
+ "orange": "Orange case: users can initiate requestRedeem on-chain without the frontend, but redemption is queue-based, can take up to 30 days, and broad pause/processing controls remain under Governor/securityAdmin rather than being capped on-chain in the evidence fetched.",
+ "green": "Green case: withdrawal request placement is direct, documented, and not frontend-dependent, and when queue processing completes the funds are sent directly to the lender wallet without an additional claim transaction."
+ },
+ "verdict": "Choosing orange because exits are directly callable via requestRedeem/requestWithdraw and the queue has a documented maximum of about 30 days, but queue processing is not purely user-driven and the broad emergency/governance pause path had no verified on-chain maximum duration; I did not verify that finalized-but-unpaid claims can be paused indefinitely, so red is plausible but not fully proven."
+ },
+ "evidence": [
+ {
+ "url": "https://docs.maple.finance/",
+ "shows": "Official docs describe Maple as a digital asset lending platform using compliance and due diligence, and Syrup as making Maple's institutional lending marketplace available through DeFi."
+ },
+ {
+ "url": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration",
+ "shows": "Official deployed-contracts/integration page lists Syrup smart-contract addresses, PoolPermissionManager, direct requestRedeem integration and Maple JS ABI references."
+ },
+ {
+ "url": "https://github.com/maple-labs/maple-core-v2",
+ "shows": "Public Maple V2 core repository contains the core smart contracts, submodules for globals, pool-v2, pool-permission-manager and withdrawal-manager-queue, and links audit reports/bug bounty."
+ },
+ {
+ "url": "https://github.com/maple-labs/maple-js",
+ "shows": "Public Maple JavaScript SDK for interacting with Maple smart contracts; README documents installation, network address exports and transaction helpers."
+ },
+ {
+ "url": "https://github.com/maple-labs/maple-cross-chain-receiver",
+ "shows": "Public Maple cross-chain receiver repository describes the Chainlink CCIP-powered receiver module for cross-chain Maple deposits/redemptions."
+ },
+ {
+ "url": "https://docs.maple.finance/technical-resources/security/security",
+ "shows": "Official security page lists audits including November 2025 Withdrawal Manager audits by Spearbit/Sherlock, January 2026 CCIP Receiver audits by Dedaub/Sigma Prime, emergency pause, oracle protections and bug bounty."
+ },
+ {
+ "url": "https://github.com/maple-labs/maple-v2-audits/blob/main/README.md",
+ "shows": "Public Maple V2 audit README lists older Maple V2 reports, including Trail of Bits, Spearbit and Three Sigma coverage."
+ },
+ {
+ "url": "https://immunefi.com/bug-bounty/maple/information/",
+ "shows": "Immunefi Maple bug bounty page shows live bounty metadata, maximum smart-contract bounty of $500,000, and scope information."
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b",
+ "shows": "Ethereum GovernorTimelock surfacer verifies the timelock contract, default delay values and role-management/write surface.",
+ "chain": "Ethereum",
+ "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196",
+ "shows": "Ethereum DAO multisig is a Safe with threshold 4 of 7 owners.",
+ "chain": "Ethereum",
+ "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x6b1A78C1943b03086F7Ee53360f9b0672bD60818",
+ "shows": "Ethereum securityAdmin is a multisig with threshold 3 of 6 owners.",
+ "chain": "Ethereum",
+ "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C",
+ "shows": "MapleGlobals is a proxy governed by GovernorTimelock, with operationalAdmin and securityAdmin addresses surfaced and upgrade/pause/oracle write methods visible.",
+ "chain": "Ethereum",
+ "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C"
+ },
+ {
+ "url": "https://defipunkd.com/address/8453/0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE",
+ "shows": "Base governor is a Gnosis Safe L2 multisig with threshold 3 of 5 owners.",
+ "chain": "Base",
+ "address": "0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b",
+ "shows": "syrupUSDC Pool ABI lists exit/entry methods including deposit, withdraw, redeem, requestRedeem and requestWithdraw; totalAssets was 1389661665922226 and totalSupply was 1191348172129417 at the pinned Ethereum block.",
+ "chain": "Ethereum",
+ "address": "0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x356B8d89c1e1239Cbbb9dE4815c39A1474d5BA7D",
+ "shows": "syrupUSDT Pool ABI uses the same Pool surface and reported totalAssets 426170190130119, totalSupply 377429691635383 and unrealizedLosses 0 at the pinned Ethereum block.",
+ "chain": "Ethereum",
+ "address": "0x356B8d89c1e1239Cbbb9dE4815c39A1474d5BA7D"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F",
+ "shows": "syrupUSDC PoolManager write surface includes requestRedeem, requestWithdraw, processRedeem, processWithdraw, setActive, setPoolPermissionManager and setWithdrawalManager; withdrawalManager is 0x1bc47... and pool is syrupUSDC.",
+ "chain": "Ethereum",
+ "address": "0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x1bc47a0Dd0FdaB96E9eF982fdf1F34DC6207cfE3",
+ "shows": "Pinned syrupUSDC WithdrawalManagerQueue surfacer resolved only the proxy shell ABI and did not expose the implementation read surface in this run.",
+ "chain": "Ethereum",
+ "address": "0x1bc47a0Dd0FdaB96E9eF982fdf1F34DC6207cfE3"
+ },
+ {
+ "url": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration",
+ "shows": "Official integration docs list withdrawal as requestRedeem, describe FIFO queue processing, say withdrawals are processed automatically by Maple, expected under 2 days but can take up to 30 days, and completion sends assets directly to the wallet with no additional transaction."
+ },
+ {
+ "url": "https://docs.maple.finance/maple-institutional-for-lenders/withdrawal-process",
+ "shows": "Official institutional docs describe a queue-based Withdrawal Manager where a lender enters the queue with one transaction, Maple Direct processes withdrawals, and funds are sent directly to the wallet without a second claim transaction."
+ },
+ {
+ "url": "https://docs.maple.finance/technical-resources/security/emergency-protocol-pause",
+ "shows": "Emergency-pause docs state Governor or securityAdmin can set protocol pause and per-contract pause, with per-function unpause used to allow limited recovery actions."
+ },
+ {
+ "url": "https://docs.maple.finance/technical-resources/security/security",
+ "shows": "Official security page says a multisig can trigger protocol pause in a critical incident and that the pause can temporarily disable almost all functions in Maple."
+ },
+ {
+ "url": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration",
+ "shows": "Official docs provide direct smart-contract integration examples, including IPool.requestRedeem(uint256,address), indicating exits can be initiated without the official frontend."
+ }
+ ],
+ "unknowns": [
+ "E1: Exit functions for every non-Syrup legacy/current pool across Ethereum, Base and Solana were not exhaustively enumerated.",
+ "E2: Source-level modifiers and pause guards for each overloaded withdraw/redeem/requestRedeem/requestWithdraw function were not fully recovered because WithdrawalManagerQueue implementation did not resolve in the surfacer.",
+ "E3: Role-holder hasRole/getRoleAdmin values and maximum pause duration were not read for every pause guard; no PAUSE_INFINITELY equivalent was confirmed or ruled out on-chain.",
+ "E4: Exact emergency-vs-governance pause scope per exit function was not proven from deployed source.",
+ "E5: The 30-day queue maximum was documented in official docs but not re-read as an on-chain hard cap.",
+ "E6: No forced-exit/escape-hatch mechanism was found; absence was not proven across every deployed module.",
+ "E7: Direct on-chain exit initiation was verified for requestRedeem documentation/ABI, but not tested by transaction simulation."
+ ],
+ "protocol_metadata": {
+ "github": [
+ "https://github.com/maple-labs/maple-core-v2",
+ "https://github.com/maple-labs/maple-js",
+ "https://github.com/maple-labs/maple-cross-chain-receiver"
+ ],
+ "docs_url": "https://docs.maple.finance/",
+ "audits": [
+ {
+ "firm": "Trail of Bits",
+ "url": "https://github.com/maple-labs/maple-v2-audits/blob/main/README.md",
+ "date": "2022-08-24"
+ },
+ {
+ "firm": "Spearbit",
+ "url": "https://docs.maple.finance/technical-resources/security/security",
+ "date": "2025-11"
+ },
+ {
+ "firm": "Sigma Prime",
+ "url": "https://docs.maple.finance/technical-resources/security/security",
+ "date": "2026-01"
+ }
+ ],
+ "governance_forum": null,
+ "voting_token": null,
+ "bug_bounty_url": "https://immunefi.com/bug-bounty/maple/information/",
+ "security_contact": null,
+ "deployed_contracts_doc": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration",
+ "admin_addresses": [
+ {
+ "chain": "Ethereum",
+ "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196",
+ "role": "DAO multisig / GovernorTimelock role manager",
+ "actor_class": "multisig"
+ },
+ {
+ "chain": "Ethereum",
+ "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b",
+ "role": "GovernorTimelock / MapleGlobals governor",
+ "actor_class": "timelock"
+ },
+ {
+ "chain": "Ethereum",
+ "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818",
+ "role": "securityAdmin multisig",
+ "actor_class": "multisig"
+ },
+ {
+ "chain": "Ethereum",
+ "address": "0xCe1cE7c7F436DCc4E28Bc8bf86115514d3DC34E8",
+ "role": "operationalAdmin",
+ "actor_class": "unknown"
+ },
+ {
+ "chain": "Base",
+ "address": "0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE",
+ "role": "Base governor multisig",
+ "actor_class": "multisig"
+ }
+ ],
+ "upgradeability": "mixed",
+ "about": "Maple is an on-chain lending and asset-management protocol where lenders deposit stablecoins into pools such as syrupUSDC and syrupUSDT, and pool assets are deployed into institutional credit, liquidity provisioning, and related yield strategies. Syrup exposes Maple's institutional lending market through DeFi integrations; smart-contract deposits route through SyrupRouter and PoolPermissionManager, while withdrawals use requestRedeem into a FIFO queue."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "maple",
+ "slice": "autonomy",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-29",
+ "model": "gpt-5.5-thinking",
+ "chat_url": "https://chatgpt.com/s/t_6a1a1a8deda08191ad91dcdbd1627ea1",
+ "grading_basis": "mixed",
+ "grade": "red",
+ "headline": "Worst dependency can impair principal: Maple depends on institutional borrower/strategy performance plus mutable oracle/strategy/CCIP surfaces; affected TVS can be material, about $1.8B across the two fetched Syrup pools.",
+ "short_headline": "Principal dependency risk",
+ "rationale": {
+ "findings": [
+ {
+ "code": "A1",
+ "text": "Material external dependencies include institutional borrowers/credit strategies, DeFi liquidity/futures-basis strategies, Chainlink oracles/oracle wrappers, and the Chainlink CCIP router used by MapleCCIPReceiver; live oracle feed addresses were not enumerated."
+ },
+ {
+ "code": "A2",
+ "text": "Maple/Maple Direct is a material off-chain actor for underwriting/credit operations and queue processing; official docs say yield comes from institutional loans and withdrawals are processed by Maple/Maple Direct."
+ },
+ {
+ "code": "A3",
+ "text": "Cross-chain mint/redeem is a distinct module: the MapleCCIPReceiver is bound to syrupUSDC and reads CCIP_ROUTER 0x80226..., with depositsEnabled/redemptionsEnabled true; its README describes Chainlink CCIP routing source-chain deposits and redemptions into Ethereum Maple pools."
+ },
+ {
+ "code": "A4",
+ "text": "Nested/strategy exposure exists at least at the pool-manager level: syrupUSDC PoolManager reports strategyListLength 4, and docs describe yield support from DeFi liquidity provision and futures basis trading; the per-strategy dependency census was not completed."
+ },
+ {
+ "code": "A5",
+ "text": "No DeFiLlama fork-lineage evidence was fetched in this run; no fork finding is asserted."
+ },
+ {
+ "code": "A6",
+ "text": "Fallback/circuit-breaker evidence exists but is incomplete: docs cite Chainlink oracle wrappers, withdrawal cooldowns, emergency pause and Tenderly monitoring, but this run did not verify live oracle wrapper addresses or on-chain activation status for each fallback."
+ },
+ {
+ "code": "A7",
+ "text": "No protocol-owned appchain/sequencer dependency was identified; Base/Solana are treated as deployment substrate unless used through the CCIP module."
+ },
+ {
+ "code": "A8",
+ "text": "Keeper/operator liveness is material for withdrawals and cross-chain flows: Maple/Maple Direct queue processing and CCIP message execution/retry functions are needed for timely completion, while users can still place Ethereum withdrawal requests directly."
+ },
+ {
+ "code": "A9",
+ "text": "Governance can mutate external dependency surfaces: MapleGlobals exposes setPriceOracle and manual override price functions, PoolManager exposes strategy and withdrawal-manager/permission-manager setters, and admin docs list Governor authority over these actions; the observed GovernorTimelock default delay is 259200 seconds, below a 7-day exit window."
+ }
+ ],
+ "steelman": {
+ "red": "Red case: Maple's core product is externally dependent on institutional borrower/strategy performance and governance-mutable oracles/strategies, and a failure can impair principal for a material share of TVS rather than merely reducing unclaimed yield.",
+ "orange": "Orange case: dependencies are explicit and largely product-specific, withdrawals are queued rather than instant, and documented monitors/oracle wrappers/emergency pause can bound some failures but do not prove users stay whole.",
+ "green": "Green case: users opt into Maple lending pools with disclosed credit/strategy exposure, and the protocol has documented Chainlink oracles, wrappers, monitoring, cooldowns and emergency pause rather than a completely opaque external dependency stack."
+ },
+ "verdict": "Choosing red because the worst unmitigated dependency can affect principal: Maple yield depends on institutional loans/strategies and governance-mutable oracle/strategy surfaces, while the fetched on-chain and docs evidence did not show live fallbacks that keep users whole. Impacted TVS estimate: syrupUSDC plus syrupUSDT alone held about $1.816B at the pinned blocks, roughly 46% of the $3.94B AUM shown on the homepage; any single pool-level borrower/strategy/oracle failure can affect ~100% of that affected pool and more than 25% of protocol TVS if it hits a large Syrup pool."
+ },
+ "evidence": [
+ {
+ "url": "https://docs.maple.finance/",
+ "shows": "Official docs describe Maple as a digital asset lending platform using compliance and due diligence, and Syrup as making Maple's institutional lending marketplace available through DeFi."
+ },
+ {
+ "url": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration",
+ "shows": "Official deployed-contracts/integration page lists Syrup smart-contract addresses, PoolPermissionManager, direct requestRedeem integration and Maple JS ABI references."
+ },
+ {
+ "url": "https://github.com/maple-labs/maple-core-v2",
+ "shows": "Public Maple V2 core repository contains the core smart contracts, submodules for globals, pool-v2, pool-permission-manager and withdrawal-manager-queue, and links audit reports/bug bounty."
+ },
+ {
+ "url": "https://github.com/maple-labs/maple-js",
+ "shows": "Public Maple JavaScript SDK for interacting with Maple smart contracts; README documents installation, network address exports and transaction helpers."
+ },
+ {
+ "url": "https://github.com/maple-labs/maple-cross-chain-receiver",
+ "shows": "Public Maple cross-chain receiver repository describes the Chainlink CCIP-powered receiver module for cross-chain Maple deposits/redemptions."
+ },
+ {
+ "url": "https://docs.maple.finance/technical-resources/security/security",
+ "shows": "Official security page lists audits including November 2025 Withdrawal Manager audits by Spearbit/Sherlock, January 2026 CCIP Receiver audits by Dedaub/Sigma Prime, emergency pause, oracle protections and bug bounty."
+ },
+ {
+ "url": "https://github.com/maple-labs/maple-v2-audits/blob/main/README.md",
+ "shows": "Public Maple V2 audit README lists older Maple V2 reports, including Trail of Bits, Spearbit and Three Sigma coverage."
+ },
+ {
+ "url": "https://immunefi.com/bug-bounty/maple/information/",
+ "shows": "Immunefi Maple bug bounty page shows live bounty metadata, maximum smart-contract bounty of $500,000, and scope information."
+ }, + { + "url": "https://defipunkd.com/address/1/0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b", + "shows": "Ethereum GovernorTimelock surfacer verifies the timelock contract, default delay values and role-management/write surface.", + "chain": "Ethereum", + "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b" + }, + { + "url": "https://defipunkd.com/address/1/0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", + "shows": "Ethereum DAO multisig is a Safe with threshold 4 of 7 owners.", + "chain": "Ethereum", + "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196" + }, + { + "url": "https://defipunkd.com/address/1/0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", + "shows": "Ethereum securityAdmin is a multisig with threshold 3 of 6 owners.", + "chain": "Ethereum", + "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818" + }, + { + "url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C", + "shows": "MapleGlobals is a proxy governed by GovernorTimelock, with operationalAdmin and securityAdmin addresses surfaced and upgrade/pause/oracle write methods visible.", + "chain": "Ethereum", + "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C" + }, + { + "url": "https://defipunkd.com/address/8453/0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE", + "shows": "Base governor is a Gnosis Safe L2 multisig with threshold 3 of 5 owners.", + "chain": "Base", + "address": "0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE" + }, + { + "url": "https://docs.maple.finance/", + "shows": "Official docs state Maple yield is primarily generated from fixed-rate overcollateralized loans to institutional borrowers, supported by DeFi liquidity provision and futures basis trading." 
+ }, + { + "url": "https://defipunkd.com/address/1/0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F", + "shows": "syrupUSDC PoolManager reports strategyListLength 4, totalAssets 1389661456350481, withdrawalManager 0x1bc47..., poolPermissionManager 0xBe10..., globals 0x804a..., and write methods to set strategies/withdrawal manager/pool permission manager.", + "chain": "Ethereum", + "address": "0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F" + }, + { + "url": "https://defipunkd.com/address/1/0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b", + "shows": "syrupUSDC Pool reported totalAssets 1389661665922226 and totalSupply 1191348172129417 at the pinned Ethereum block.", + "chain": "Ethereum", + "address": "0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b" + }, + { + "url": "https://defipunkd.com/address/1/0x356B8d89c1e1239Cbbb9dE4815c39A1474d5BA7D", + "shows": "syrupUSDT Pool reported totalAssets 426170190130119 and totalSupply 377429691635383 at the pinned Ethereum block.", + "chain": "Ethereum", + "address": "0x356B8d89c1e1239Cbbb9dE4815c39A1474d5BA7D" + }, + { + "url": "https://maple.finance/", + "shows": "Public homepage reported Maple AUM of $3.94B during this run and shows Syrup liquid-yielding-dollar products and Maple Institutional secured lending." + }, + { + "url": "https://docs.maple.finance/technical-resources/security/security", + "shows": "Official security page states Maple uses Chainlink oracles, oracle wrappers, withdrawal cooldowns, and Tenderly monitoring; this page does not itself provide live oracle addresses or on-chain activation status for each wrapper." + }, + { + "url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C", + "shows": "MapleGlobals read/write surface includes priceOracleOf, manualOverridePrice, setPriceOracle, setManualOverridePrice, setProtocolPause and setContractPause; governor is 0x2eFF... 
and securityAdmin is 0x6b1A....", + "chain": "Ethereum", + "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C" + }, + { + "url": "https://defipunkd.com/address/1/0x02B6A75c5D1F430F0614dc5AC8aD5F9D35fbA2c4", + "shows": "MapleCCIPReceiver is an ERC1967Proxy; CCIP_ROUTER is 0x80226fc0Ee2b096224EeAc085Bb9a8cba1146f7D, getPool points to syrupUSDC 0x80ac..., depositsEnabled and redemptionsEnabled were true, and write methods include enableDeposits, enableRedemptions, executeRedeemList, processMessage, retryFailedMessage and upgradeToAndCall.", + "chain": "Ethereum", + "address": "0x02B6A75c5D1F430F0614dc5AC8aD5F9D35fbA2c4" + }, + { + "url": "https://github.com/maple-labs/maple-cross-chain-receiver", + "shows": "Maple cross-chain receiver README describes a Chainlink CCIP-powered bridge for cross-chain deposits/redemptions into Maple pools; flow is source chain to CCIP to bridge to Maple pools, with redemption request and later execution/token return through CCIP." + }, + { + "url": "https://docs.maple.finance/technical-resources/admin-functions/governor-admin-actions", + "shows": "Official admin docs show the Governor can set price oracles, set manual override prices, add strategies, set strategies active/inactive, configure PoolPermissionManager permissions and upgrade core components." 
+ } + ], + "unknowns": [ + "A1: Live Chainlink/oracle wrapper addresses and latestAnswer/latestRoundData values were not enumerated.", + "A2: Maple Direct/operator committee membership, replacement procedure and exact queue-processing decentralization were not verified on-chain.", + "A3: Material TVS on each cross-chain origin chain was not measured; only Ethereum MapleCCIPReceiver and README architecture were checked.", + "A4: Full per-strategy/per-borrower collateral chain and strategy address list were not enumerated.", + "A5: DeFiLlama forkedFrom field was not fetched in this run.", + "A6: Oracle-wrapper/cooldown/monitor activation status was documented but not fully verified live on-chain.", + "A7: No appchain-owned sequencer dependency found; Base/Solana deployment substrate not graded here.", + "A8: Exact permissionlessness of all keepers/relayers that execute queue and CCIP redemptions was not verified.", + "A9: Timelock/exit-window for every external-dependency mutation path was not exhaustively reconstructed beyond GovernorTimelock default delay and docs." 
+ ], + "protocol_metadata": { + "github": [ + "https://github.com/maple-labs/maple-core-v2", + "https://github.com/maple-labs/maple-js", + "https://github.com/maple-labs/maple-cross-chain-receiver" + ], + "docs_url": "https://docs.maple.finance/", + "audits": [ + { + "firm": "Trail of Bits", + "url": "https://github.com/maple-labs/maple-v2-audits/blob/main/README.md", + "date": "2022-08-24" + }, + { + "firm": "Spearbit", + "url": "https://docs.maple.finance/technical-resources/security/security", + "date": "2025-11" + }, + { + "firm": "Sigma Prime", + "url": "https://docs.maple.finance/technical-resources/security/security", + "date": "2026-01" + } + ], + "governance_forum": null, + "voting_token": null, + "bug_bounty_url": "https://immunefi.com/bug-bounty/maple/information/", + "security_contact": null, + "deployed_contracts_doc": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration", + "admin_addresses": [ + { + "chain": "Ethereum", + "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", + "role": "DAO multisig / GovernorTimelock role manager", + "actor_class": "multisig" + }, + { + "chain": "Ethereum", + "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b", + "role": "GovernorTimelock / MapleGlobals governor", + "actor_class": "timelock" + }, + { + "chain": "Ethereum", + "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", + "role": "securityAdmin multisig", + "actor_class": "multisig" + }, + { + "chain": "Ethereum", + "address": "0xCe1cE7c7F436DCc4E28Bc8bf86115514d3DC34E8", + "role": "operationalAdmin", + "actor_class": "unknown" + }, + { + "chain": "Base", + "address": "0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE", + "role": "Base governor multisig", + "actor_class": "multisig" + } + ], + "upgradeability": "mixed", + "about": "Maple is an on-chain lending and asset-management protocol where lenders deposit stablecoins into pools such as syrupUSDC and syrupUSDT, and pool assets are deployed into institutional credit, 
liquidity provisioning, and related yield strategies. Syrup exposes Maple's institutional lending market through DeFi integrations; smart-contract deposits route through SyrupRouter and PoolPermissionManager, while withdrawals use requestRedeem into a FIFO queue." + } + }, + { + "schema_version": 4, + "slug": "maple", + "slice": "open-access", + "snapshot_generated_at": "2026-05-25T10:00:13.281Z", + "prompt_version": 29, + "analysis_date": "2026-05-29", + "model": "gpt-5.5-thinking", + "chat_url": "https://chatgpt.com/s/t_6a1a1a8deda08191ad91dcdbd1627ea1", + "grading_basis": "mixed", + "grade": "red", + "headline": "Syrup deposit admission is on-chain permissioned: Maple/permission-admin authorization is required even through SDK/direct-contract paths.", + "short_headline": "Permissioned deposits", + "rationale": { + "findings": [ + { + "code": "A1", + "text": "User entry is contract-level permissioned for Syrup deposits: deposits must route through SyrupRouter, PoolPermissionManager enforces lender permissions, first-time deposits require a Maple-provided authorization signature, and only authorized lenders can deposit." + }, + { + "code": "A2", + "text": "Admission to deposit requires Maple/permission-admin authorization for new lenders; withdrawal request placement via requestRedeem is documented as directly callable and does not require new off-chain approval in the integration snippet." + }, + { + "code": "A3", + "text": "Frontend/interface restrictions are active-policy context: Maple reserves the right to block IPs or wallet identities on the Interface, and Syrup jurisdictions exclude users/entities/access from restricted jurisdictions including the United States." + }, + { + "code": "A3b", + "text": "Independent access paths exist through the published Maple JS SDK and direct smart-contract integration docs, but they do not remove the contract-level deposit authorization requirement." 
+ }, + { + "code": "A4", + "text": "No on-chain OFAC/sanctions blocklist check was verified in the core Pool/PoolPermissionManager ABI; the verified contract-level gate is Maple's PoolPermissionManager permission bitmap/allowlist system." + }, + { + "code": "A5", + "text": "Read access is permissionless through public contracts/docs/SDK, but write access differs by function: deposits are permissioned, while withdrawal request placement is directly callable for existing holders." + }, + { + "code": "A6", + "text": "Legal extraction succeeded: interface terms include sanctions/restricted-jurisdiction clauses and reserve interface-level blocking rights; Syrup terms also state the interface is not essential to using the Protocol." + } + ], + "steelman": { + "red": "Red case: a core user action, depositing into Syrup pools, is gated by contract-level permissions and Maple-provided authorization signatures, not merely by frontend ToS.", + "orange": "Orange case: independent SDK/direct-contract paths exist and withdrawals can be requested on-chain, so the system is not fully captured by the official frontend despite permissioned entry.", + "green": "Green case: users can interact with deployed contracts through SDK/direct calls and the interface itself is not essential, but this only helps after the contract-level permission gate is satisfied." + }, + "verdict": "Choosing red because admission to a core action, Syrup deposits, is explicitly contract-level permissioned through SyrupRouter and PoolPermissionManager and requires Maple/permission-admin authorization; independent SDK/direct-contract paths and frontend-independence do not overcome the on-chain allowlist gate." + }, + "evidence": [ + { + "url": "https://docs.maple.finance/", + "shows": "Official docs describe Maple as a digital asset lending platform using compliance and due diligence, and Syrup as making Maple's institutional lending marketplace available through DeFi." 
+ }, + { + "url": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration", + "shows": "Official deployed-contracts/integration page lists Syrup smart-contract addresses, PoolPermissionManager, direct requestRedeem integration and Maple JS ABI references." + }, + { + "url": "https://github.com/maple-labs/maple-core-v2", + "shows": "Public Maple V2 core repository contains the core smart contracts, submodules for globals, pool-v2, pool-permission-manager and withdrawal-manager-queue, and links audit reports/bug bounty." + }, + { + "url": "https://github.com/maple-labs/maple-js", + "shows": "Public Maple JavaScript SDK for interacting with Maple smart contracts; README documents installation, network address exports and transaction helpers." + }, + { + "url": "https://github.com/maple-labs/maple-cross-chain-receiver", + "shows": "Public Maple cross-chain receiver repository describes the Chainlink CCIP-powered receiver module for cross-chain Maple deposits/redemptions." + }, + { + "url": "https://docs.maple.finance/technical-resources/security/security", + "shows": "Official security page lists audits including November 2025 Withdrawal Manager audits by Spearbit/Sherlock, January 2026 CCIP Receiver audits by Dedaub/Sigma Prime, emergency pause, oracle protections and bug bounty." + }, + { + "url": "https://github.com/maple-labs/maple-v2-audits/blob/main/README.md", + "shows": "Public Maple V2 audit README lists older Maple V2 reports, including Trail of Bits, Spearbit and Three Sigma coverage." + }, + { + "url": "https://immunefi.com/bug-bounty/maple/information/", + "shows": "Immunefi Maple bug bounty page shows live bounty metadata, maximum smart-contract bounty of $500,000, and scope information." 
+ }, + { + "url": "https://defipunkd.com/address/1/0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b", + "shows": "Ethereum GovernorTimelock surfacer verifies the timelock contract, default delay values and role-management/write surface.", + "chain": "Ethereum", + "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b" + }, + { + "url": "https://defipunkd.com/address/1/0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", + "shows": "Ethereum DAO multisig is a Safe with threshold 4 of 7 owners.", + "chain": "Ethereum", + "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196" + }, + { + "url": "https://defipunkd.com/address/1/0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", + "shows": "Ethereum securityAdmin is a multisig with threshold 3 of 6 owners.", + "chain": "Ethereum", + "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818" + }, + { + "url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C", + "shows": "MapleGlobals is a proxy governed by GovernorTimelock, with operationalAdmin and securityAdmin addresses surfaced and upgrade/pause/oracle write methods visible.", + "chain": "Ethereum", + "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C" + }, + { + "url": "https://defipunkd.com/address/8453/0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE", + "shows": "Base governor is a Gnosis Safe L2 multisig with threshold 3 of 5 owners.", + "chain": "Base", + "address": "0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE" + }, + { + "url": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration", + "shows": "Official smart-contract integration docs state deposits must go through SyrupRouter with authorization handled by PoolPermissionManager; first-time deposits require a Maple-provided authorization signature and addresses must be permissioned before deposits succeed." 
+ }, + { + "url": "https://defipunkd.com/address/1/0xBe10aDcE8B6E3E02Db384E7FaDA5395DD113D8b3", + "shows": "PoolPermissionManager has permission and allowlist-related read/write surface: hasPermission, lenderAllowlist, lenderBitmaps, permissionAdmins, permissionLevels, poolBitmaps, setLenderAllowlist, setLenderBitmaps, setPermissionAdmin and setPoolPermissionLevel.", + "chain": "Ethereum", + "address": "0xBe10aDcE8B6E3E02Db384E7FaDA5395DD113D8b3" + }, + { + "url": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration", + "shows": "Official FAQ states authorization and routing are enforced through SyrupRouter and PoolPermissionManager, only authorized lenders can deposit, and authorization is required for all Syrup deposits." + }, + { + "url": "https://github.com/maple-labs/maple-js", + "shows": "Published Maple JS SDK supports direct smart-contract interaction, network addresses and transaction execution outside the official Maple frontend." + }, + { + "url": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration", + "shows": "Official docs list direct on-chain withdrawal via requestRedeem and give an IPool.requestRedeem integration snippet." + }, + { + "url": "https://docs.maple.finance/legal/interface-terms-of-use", + "shows": "Interface Terms reserve the right to disable wallet identities or block IP addresses, restrict interface access, and prohibit use from sanctioned jurisdictions including listed OFAC-related jurisdictions." + }, + { + "url": "https://docs.maple.finance/legal/syrupusdc-and-syrupusdt-available-jurisdictions", + "shows": "Syrup jurisdiction page says syrupUSDC and syrupUSDT are not available to residents/citizens/tax residents/entities/persons accessing from restricted jurisdictions, and lists restricted jurisdictions including the United States." 
+ }, + { + "url": "https://docs.maple.finance/legal/interface-terms-of-use-syrupusdc-and-syrupusdt", + "shows": "Syrup interface terms state the interface is separate from the Protocol and is not essential for accessing or interacting with the Protocol." + } + ], + "unknowns": [ + "A1: All non-Syrup Maple Institutional pool entry points and borrower-facing admission gates were not exhaustively checked.", + "A2: Operator approval for borrower loan origination and institutional lender onboarding was not fully enumerated by function class.", + "A3: Runtime presence of IP/wallet blocking on the current official UI was not tested live; legal/interface policy was extracted instead.", + "A3b: Third-party aggregator routing beyond Maple JS/direct-contract integration was not exhaustively searched.", + "A4: Absence of a contract-level sanctions oracle/blocklist was not proven for every deployed module.", + "A5: Borrower-side write access and loan-management admission were not fully enumerated.", + "A6: ToS clauses were extracted for the main Maple and Syrup interfaces, but not every linked legal document was fully parsed." 
+ ], + "protocol_metadata": { + "github": [ + "https://github.com/maple-labs/maple-core-v2", + "https://github.com/maple-labs/maple-js", + "https://github.com/maple-labs/maple-cross-chain-receiver" + ], + "docs_url": "https://docs.maple.finance/", + "audits": [ + { + "firm": "Trail of Bits", + "url": "https://github.com/maple-labs/maple-v2-audits/blob/main/README.md", + "date": "2022-08-24" + }, + { + "firm": "Spearbit", + "url": "https://docs.maple.finance/technical-resources/security/security", + "date": "2025-11" + }, + { + "firm": "Sigma Prime", + "url": "https://docs.maple.finance/technical-resources/security/security", + "date": "2026-01" + } + ], + "governance_forum": null, + "voting_token": null, + "bug_bounty_url": "https://immunefi.com/bug-bounty/maple/information/", + "security_contact": null, + "deployed_contracts_doc": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration", + "admin_addresses": [ + { + "chain": "Ethereum", + "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", + "role": "DAO multisig / GovernorTimelock role manager", + "actor_class": "multisig" + }, + { + "chain": "Ethereum", + "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b", + "role": "GovernorTimelock / MapleGlobals governor", + "actor_class": "timelock" + }, + { + "chain": "Ethereum", + "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", + "role": "securityAdmin multisig", + "actor_class": "multisig" + }, + { + "chain": "Ethereum", + "address": "0xCe1cE7c7F436DCc4E28Bc8bf86115514d3DC34E8", + "role": "operationalAdmin", + "actor_class": "unknown" + }, + { + "chain": "Base", + "address": "0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE", + "role": "Base governor multisig", + "actor_class": "multisig" + } + ], + "upgradeability": "mixed", + "about": "Maple is an on-chain lending and asset-management protocol where lenders deposit stablecoins into pools such as syrupUSDC and syrupUSDT, and pool assets are deployed into institutional credit, 
liquidity provisioning, and related yield strategies. Syrup exposes Maple's institutional lending market through DeFi integrations; smart-contract deposits route through SyrupRouter and PoolPermissionManager, while withdrawals use requestRedeem into a FIFO queue." + } + }, + { + "schema_version": 4, + "slug": "maple", + "slice": "verifiability", + "snapshot_generated_at": "2026-05-25T10:00:13.281Z", + "prompt_version": 29, + "analysis_date": "2026-05-29", + "model": "gpt-5.5-thinking", + "chat_url": "https://chatgpt.com/s/t_6a1a1a8deda08191ad91dcdbd1627ea1", + "grading_basis": "mixed", + "grade": "orange", + "headline": "Ethereum core is mostly verified and audited, but full verification is incomplete across pinned Base/admin and withdrawal-manager surfaces, with no deployment-commit drift check.", + "short_headline": "Mostly verified, gaps", + "rationale": { + "findings": [ + { + "code": "V1", + "text": "Key Ethereum contracts are largely verified: MapleGlobals, PoolManager, PoolPermissionManager, Pool and MapleCCIPReceiver surfacers show etherscan/sourcify ABI sources and proxy implementations where resolved; however pinned Base securityAdmin/globals addresses did not resolve to verified ABIs." + }, + { + "code": "V2", + "text": "A public Maple V2 core repo and Maple JS repo exist and structurally correspond to the visible deployed modules/ABIs, but this run did not pin a deployment commit SHA or perform bytecode matching." + }, + { + "code": "V3", + "text": "Audit coverage is substantial and recent for current modules: official docs list September 2025 Governor Timelock audits, November 2025 Withdrawal Manager audits, and January 2026 CCIP Receiver audits; older Maple V2 audit README lists Trail of Bits/Spearbit/Three Sigma/0xMacro coverage for earlier releases." 
+ }, + { + "code": "V4", + "text": "Recognized auditors observed in fetched audit evidence include Trail of Bits, Spearbit and Sigma Prime; Sherlock, 0xMacro and Dedaub are also listed by Maple but were not treated as sufficient by themselves for green-grade recognition under the prompt's recognized-firm list." + }, + { + "code": "V5", + "text": "Post-audit drift was not fully reconstructed: no bytecode-to-repo commit match or diff sampling against audit commits was performed, so drift remains an unknown rather than an asserted downgrade by itself." + }, + { + "code": "V6", + "text": "Proxy implementation verification is mixed: MapleGlobals and PoolPermissionManager implementations were surfaced, MapleCCIPReceiver implementation was surfaced, but WithdrawalManagerQueue only exposed a proxy shell in this run and some Base pinned contracts had no verified ABI." + } + ], + "steelman": { + "red": "Red case: unverified or unresolved implementations on pinned Base/admin/withdrawal-manager surfaces prevent a full outsider reconstruction of all deployed code paths.", + "orange": "Orange case: most Ethereum core contracts are verified and audited, but verification is incomplete across all pinned deployments and this run did not establish source-to-deployment commit or post-audit drift.", + "green": "Green case: the main Ethereum core has public repos, verified ABIs/proxy implementations for major components, and recent audits by recognized firms covering GovernorTimelock, Withdrawal Manager and CCIP Receiver releases." + }, + "verdict": "Choosing orange because the main Ethereum core is substantially verifiable and recently audited, but the full protocol posture is not green: several pinned Base/admin surfaces lacked verified ABI or implementation resolution, WithdrawalManagerQueue implementation was not resolved in the surfacer, and no source-to-deployed-commit or drift check was completed." 
+ }, + "evidence": [ + { + "url": "https://docs.maple.finance/", + "shows": "Official docs describe Maple as a digital asset lending platform using compliance and due diligence, and Syrup as making Maple's institutional lending marketplace available through DeFi." + }, + { + "url": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration", + "shows": "Official deployed-contracts/integration page lists Syrup smart-contract addresses, PoolPermissionManager, direct requestRedeem integration and Maple JS ABI references." + }, + { + "url": "https://github.com/maple-labs/maple-core-v2", + "shows": "Public Maple V2 core repository contains the core smart contracts, submodules for globals, pool-v2, pool-permission-manager and withdrawal-manager-queue, and links audit reports/bug bounty." + }, + { + "url": "https://github.com/maple-labs/maple-js", + "shows": "Public Maple JavaScript SDK for interacting with Maple smart contracts; README documents installation, network address exports and transaction helpers." + }, + { + "url": "https://github.com/maple-labs/maple-cross-chain-receiver", + "shows": "Public Maple cross-chain receiver repository describes the Chainlink CCIP-powered receiver module for cross-chain Maple deposits/redemptions." + }, + { + "url": "https://docs.maple.finance/technical-resources/security/security", + "shows": "Official security page lists audits including November 2025 Withdrawal Manager audits by Spearbit/Sherlock, January 2026 CCIP Receiver audits by Dedaub/Sigma Prime, emergency pause, oracle protections and bug bounty." + }, + { + "url": "https://github.com/maple-labs/maple-v2-audits/blob/main/README.md", + "shows": "Public Maple V2 audit README lists older Maple V2 reports, including Trail of Bits, Spearbit and Three Sigma coverage." 
+ }, + { + "url": "https://immunefi.com/bug-bounty/maple/information/", + "shows": "Immunefi Maple bug bounty page shows live bounty metadata, maximum smart-contract bounty of $500,000, and scope information." + }, + { + "url": "https://defipunkd.com/address/1/0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b", + "shows": "Ethereum GovernorTimelock surfacer verifies the timelock contract, default delay values and role-management/write surface.", + "chain": "Ethereum", + "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b" + }, + { + "url": "https://defipunkd.com/address/1/0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", + "shows": "Ethereum DAO multisig is a Safe with threshold 4 of 7 owners.", + "chain": "Ethereum", + "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196" + }, + { + "url": "https://defipunkd.com/address/1/0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", + "shows": "Ethereum securityAdmin is a multisig with threshold 3 of 6 owners.", + "chain": "Ethereum", + "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818" + }, + { + "url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C", + "shows": "MapleGlobals is a proxy governed by GovernorTimelock, with operationalAdmin and securityAdmin addresses surfaced and upgrade/pause/oracle write methods visible.", + "chain": "Ethereum", + "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C" + }, + { + "url": "https://defipunkd.com/address/8453/0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE", + "shows": "Base governor is a Gnosis Safe L2 multisig with threshold 3 of 5 owners.", + "chain": "Base", + "address": "0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE" + }, + { + "url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C", + "shows": "MapleGlobals proxy ABI source is etherscan and resolves to implementation 0x9BeAbb1B6F3ad1DdB87b65148BA5Eb6102334956.", + "chain": "Ethereum", + "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C" + }, + { + "url": 
"https://defipunkd.com/address/1/0x9BeAbb1B6F3ad1DdB87b65148BA5Eb6102334956", + "shows": "MapleGlobals implementation ABI source is sourcify, providing separate implementation verification evidence.", + "chain": "Ethereum", + "address": "0x9BeAbb1B6F3ad1DdB87b65148BA5Eb6102334956" + }, + { + "url": "https://defipunkd.com/address/1/0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F", + "shows": "syrupUSDC PoolManager is a verified proxy with implementation 0xfE02Be1aD28EdFd8e3dD6F29C402B244C2A258B8 surfaced.", + "chain": "Ethereum", + "address": "0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F" + }, + { + "url": "https://defipunkd.com/address/1/0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b", + "shows": "syrupUSDC Pool ABI source is etherscan and raw ABI exposes Pool entry/exit and ERC-4626-like methods.", + "chain": "Ethereum", + "address": "0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b" + }, + { + "url": "https://defipunkd.com/address/1/0xBe10aDcE8B6E3E02Db384E7FaDA5395DD113D8b3", + "shows": "PoolPermissionManager proxy ABI source is etherscan and resolves to implementation 0xC353f6f5F7388828287Eb76468631E1C8d0d1ec8.", + "chain": "Ethereum", + "address": "0xBe10aDcE8B6E3E02Db384E7FaDA5395DD113D8b3" + }, + { + "url": "https://defipunkd.com/address/1/0x1bc47a0Dd0FdaB96E9eF982fdf1F34DC6207cfE3", + "shows": "WithdrawalManagerQueue proxy surfacer only exposed a proxy shell through sourcify and did not resolve the implementation ABI in this run.", + "chain": "Ethereum", + "address": "0x1bc47a0Dd0FdaB96E9eF982fdf1F34DC6207cfE3" + }, + { + "url": "https://defipunkd.com/address/1/0x02B6A75c5D1F430F0614dc5AC8aD5F9D35fbA2c4", + "shows": "MapleCCIPReceiver is a verified ERC1967Proxy with implementation 0x23CEF2965Db19f67A996371F9Cb1A2F33D2b4821 and ABI source etherscan.", + "chain": "Ethereum", + "address": "0x02B6A75c5D1F430F0614dc5AC8aD5F9D35fbA2c4" + }, + { + "url": "https://defipunkd.com/address/8453/0x7f3C3636208A18c7941BF051807db56864061465", + "shows": "Pinned Base globals singleton did 
not resolve to a verified ABI through etherscan or sourcify in this run.", + "chain": "Base", + "address": "0x7f3C3636208A18c7941BF051807db56864061465" + }, + { + "url": "https://defipunkd.com/address/8453/0x6150371231f783e97906af4861Bc1eD11cE1c9Ea", + "shows": "Pinned Base securityAdmin did not resolve to a verified ABI through etherscan or sourcify in this run.", + "chain": "Base", + "address": "0x6150371231f783e97906af4861Bc1eD11cE1c9Ea" + }, + { + "url": "https://github.com/maple-labs/maple-core-v2", + "shows": "Public Maple V2 core repo contains contract submodules and audit references; this run did not pin a source-to-deployment commit or bytecode diff." + }, + { + "url": "https://docs.maple.finance/technical-resources/security/security", + "shows": "Official security page lists recent current-release audits: September 2025 Governor Timelock, November 2025 Withdrawal Manager and January 2026 CCIP Receiver audits." + }, + { + "url": "https://github.com/maple-labs/maple-v2-audits/blob/main/README.md", + "shows": "Public audit README lists older Maple V2 audit reports, including Trail of Bits, Spearbit and Three Sigma reports for 2022 and 2023 releases." 
+ }
+ ],
+ "unknowns": [
+ "V1: Verification status for every pinned address, including Solana deployments and Base cashUSDCPool/token/treasury/operationalAdmin, was not exhaustively checked.",
+ "V2: No source-to-repo commit SHA or bytecode diff was pinned for deployed contracts.",
+ "V3: The legacy Code4rena audit links in the pinned input were not individually opened/scoped to current deployed contracts; current audit matrix and Maple V2 audit README were fetched.",
+ "V4: Auditor recognition was applied only to firms explicitly recognized by the prompt or broadly visible in fetched evidence.",
+ "V5: Post-audit drift was not sampled with compare views or deployment manifests; no material drift finding is asserted.",
+ "V6: WithdrawalManagerQueue implementation and multiple Base pinned implementations were not resolved by the surfacer."
+ ],
+ "protocol_metadata": {
+ "github": [
+ "https://github.com/maple-labs/maple-core-v2",
+ "https://github.com/maple-labs/maple-js",
+ "https://github.com/maple-labs/maple-cross-chain-receiver"
+ ],
+ "docs_url": "https://docs.maple.finance/",
+ "audits": [
+ {
+ "firm": "Trail of Bits",
+ "url": "https://github.com/maple-labs/maple-v2-audits/blob/main/README.md",
+ "date": "2022-08-24"
+ },
+ {
+ "firm": "Spearbit",
+ "url": "https://docs.maple.finance/technical-resources/security/security",
+ "date": "2025-11"
+ },
+ {
+ "firm": "Sigma Prime",
+ "url": "https://docs.maple.finance/technical-resources/security/security",
+ "date": "2026-01"
+ }
+ ],
+ "governance_forum": null,
+ "voting_token": null,
+ "bug_bounty_url": "https://immunefi.com/bug-bounty/maple/information/",
+ "security_contact": null,
+ "deployed_contracts_doc": "https://docs.maple.finance/integrate/ethereum-mainnet/smart-contract-integration",
+ "admin_addresses": [
+ {
+ "chain": "Ethereum",
+ "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196",
+ "role": "DAO multisig / GovernorTimelock role manager",
+ "actor_class": "multisig"
+ },
+ {
+ "chain": "Ethereum",
+ "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b",
+ "role": "GovernorTimelock / MapleGlobals governor",
+ "actor_class": "timelock"
+ },
+ {
+ "chain": "Ethereum",
+ "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818",
+ "role": "securityAdmin multisig",
+ "actor_class": "multisig"
+ },
+ {
+ "chain": "Ethereum",
+ "address": "0xCe1cE7c7F436DCc4E28Bc8bf86115514d3DC34E8",
+ "role": "operationalAdmin",
+ "actor_class": "unknown"
+ },
+ {
+ "chain": "Base",
+ "address": "0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE",
+ "role": "Base governor multisig",
+ "actor_class": "multisig"
+ }
+ ],
+ "upgradeability": "mixed",
+ "about": "Maple is an on-chain lending and asset-management protocol where lenders deposit stablecoins into pools such as syrupUSDC and syrupUSDT, and pool assets are deployed into institutional credit, liquidity provisioning, and related yield strategies. Syrup exposes Maple's institutional lending market through DeFi integrations; smart-contract deposits route through SyrupRouter and PoolPermissionManager, while withdrawals use requestRedeem into a FIFO queue."
+ }
+ }
+]
diff --git a/data/submissions/maple/all/Claude-2026-05-30.json b/data/submissions/maple/all/Claude-2026-05-30.json
new file mode 100644
index 0000000000..ade3945840
--- /dev/null
+++ b/data/submissions/maple/all/Claude-2026-05-30.json
@@ -0,0 +1,536 @@ +[ + { + "schema_version": 4, + "slug": "maple", + "slice": "control", + "snapshot_generated_at": "2026-05-25T10:00:13.281Z", + "prompt_version": 29, + "analysis_date": "2026-05-29", + "model": "claude-sonnet-4-6", + "chat_url": "https://claude.ai/share/8d1f8ec6-8e84-4cd5-9d15-a60a38499c99", + "grade": "orange", + "headline": "4-of-7 daoMultisig proposes through a custom 3-day GovernorTimelock; securityAdmin (3-of-6) can pause the entire protocol immediately with no time cap", + "short_headline": "3-day upgrade path; emergency pause untimelocked", + "rationale": { + "findings": [ + { + "code": "C1", + "text": "MapleGlobals NonTransparentProxy (0x804a6F5F667170F545Bf14e5DDB48C70B788390C) admin()=governor()=GovernorTimelock (0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b). PoolManager for syrupUSDC (0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F) governor()=same GovernorTimelock. securityAdmin()=0x6b1A78C1943b03086F7Ee53360f9b0672bD60818 (3-of-6 Gnosis Safe). operationalAdmin()=0xCe1cE7c7F436DCc4E28Bc8bf86115514d3DC34E8 (actor class unverified beyond Safe proxy ABI)." + }, + { + "code": "C2", + "text": "MapleGlobals uses a NonTransparentProxy pattern: admin (GovernorTimelock) can call setImplementation(address) directly on the proxy to replace the logic contract, a T1 upgrade path. PoolManager is a factory-pattern Proxy (implementation 0xfE02Be1aD28EdFd8e3dD6F29C402B244C2A258B8); it exposes upgrade(version,bytes) callable by governor or poolDelegate, also T1." + }, + { + "code": "C3", + "text": "Execution path for governance upgrades: (1) Proposer with PROPOSER_ROLE calls scheduleProposals(targets,data) on GovernorTimelock (0x2eFF...); proposer identity unverified this run — recorded in unknowns. (2) defaultTimelockParameters()=[259200,172800]: minimum 259200 s (3 days) delay before executeProposals may fire. MIN_DELAY=86400 s (1 day) sets the floor. (3) executeProposals calls target contracts. 
For Globals, some functions also require prior scheduling via Globals' own scheduledCalls mechanism (defaultTimelockParameters=[604800,172800], 7-day window), creating dual delays of 3+7=10 days for those specific actions. Uncontested fast path for setImplementation on Globals: 3 days." + }, + { + "code": "C4", + "text": "daoMultisig (0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196): 4-of-7 Gnosis Safe v1.3.0, 7 EOA signers. Signer identities not publicly verified this run. tokenWithdrawer on GovernorTimelock=daoMultisig. securityAdmin (0x6b1A78C1943b03086F7Ee53360f9b0672bD60818): 3-of-6 Gnosis Safe (older v1.1.0-based). Signer identities not verified this run. Power: call setProtocolPause and setContractPause on Globals. Neither multisig qualifies as Security Council (7+ signers, ≥51% threshold, ≥50% non-insider not verified)." + }, + { + "code": "C5", + "text": "No on-chain token-weighted governor contract (OZ Governor, GovernorBravo) found. The GovernorTimelock is a custom contract with PROPOSER_ROLE controlling scheduling — it is not a standard token-voting system. Governance is off-chain multisig-gated." + }, + { + "code": "C6", + "text": "Emergency power: securityAdmin (3-of-6 Safe) can call setProtocolPause(bool) on Globals immediately, with no documented on-chain time cap. Globals confirms protocolPaused()=false at the time of reading. setContractPause(address,bool) can pause individual contracts. Both functions callable by securityAdmin without any timelock or governance vote." + }, + { + "code": "C7", + "text": "Highest T1 paths: (a) securityAdmin (3-of-6) → setProtocolPause(true) on Globals, zero delay — pauses withdrawals (T1, fund-critical). (b) GovernorTimelock (3-day delay, proposer unverified) → setImplementation on Globals proxy (T1, replaces core logic). (c) GovernorTimelock → upgrade() on PoolManager (T1). Fast-path T1 via pause = 0 days; via upgrade = 3 days. 3-of-6 multisig with zero timelock on the pause path is the dominant concern." 
+ } + ], + "steelman": { + "red": "The securityAdmin (3-of-6 multisig, insider composition unverified) can pause ALL withdrawals and protocol functions instantly with zero timelock and no cap, a 3-of-6 coordinated compromise could freeze all $1.4B in user funds indefinitely.", + "orange": "T1 is reachable via emergency pause (zero delay, 3-of-6 multisig) and via upgrade (3-day delay); neither path meets the 7-day bar for green, and the securityAdmin fails Security Council criteria; but a 3-of-6 is meaningfully harder to compromise than a 2-of-3 so does not trigger the red rule.", + "green": "Core upgrades require a 3-day GovernorTimelock delay with 4-of-7 daoMultisig approval; certain Globals functions have an additional 7-day internal scheduling delay; the emergency pause is scoped to genuine incident response and has a 3-of-6 threshold." + }, + "verdict": "Choosing orange because T1 is reachable on the uncontested fast path at zero delay via the securityAdmin (3-of-6) calling setProtocolPause on Globals (0x804a6F5F667170F545Bf14e5DDB48C70B788390C confirmed protocolPaused=false and securityAdmin=0x6b1A78C1943b03086F7Ee53360f9b0672bD60818), and at 3 days via GovernorTimelock for implementation upgrades. The 3-of-6 threshold does not trigger the red rule ('single EOA or 2-of-3 multisig') but it also does not meet Security Council standards, and the pause path has no documented on-chain time cap. The upgrade path at 3 days is below the 7-day bar for green on T1 paths." 
+ }, + "evidence": [ + { + "url": "https://defipunkd.com/address/1/0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", + "shows": "daoMultisig confirmed as 4-of-7 Gnosis Safe v1.3.0 with 7 EOA signers; nonce=434 indicates active use; tokenWithdrawer on GovernorTimelock is this address", + "chain": "Ethereum", + "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", + "fetched_at": "2026-05-30T00:00:00Z" + }, + { + "url": "https://defipunkd.com/address/1/0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b", + "shows": "GovernorTimelock: MIN_DELAY=86400 (1 day), defaultTimelockParameters=[259200,172800] (3-day delay, 2-day execution window), latestProposalId=13, tokenWithdrawer=daoMultisig; bespoke GovernorTimelock contract, not standard OZ", + "chain": "Ethereum", + "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b", + "fetched_at": "2026-05-30T00:00:00Z" + }, + { + "url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C", + "shows": "MapleGlobals NonTransparentProxy: admin()=governor()=GovernorTimelock; securityAdmin()=0x6b1A78C1943b03086F7Ee53360f9b0672bD60818; operationalAdmin()=0xCe1cE7c7F436DCc4E28Bc8bf86115514d3DC34E8; protocolPaused()=false; defaultTimelockParameters()=[604800,172800] (7-day internal delay); implementation=0x9BeAbb1B6F3ad1DdB87b65148BA5Eb6102334956; setImplementation callable by admin; setProtocolPause callable by securityAdmin", + "chain": "Ethereum", + "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C", + "fetched_at": "2026-05-30T00:00:00Z" + }, + { + "url": "https://defipunkd.com/address/1/0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", + "shows": "securityAdmin confirmed as 3-of-6 Gnosis Safe (v1.1.0 with changeMasterCopy); 6 EOA signers; nonce=31", + "chain": "Ethereum", + "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", + "fetched_at": "2026-05-30T00:00:00Z" + }, + { + "url": "https://defipunkd.com/address/1/0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F", + "shows": "syrupUSDC PoolManager Proxy: 
governor()=GovernorTimelock; globals()=MapleGlobals; implementation=0xfE02Be1aD28EdFd8e3dD6F29C402B244C2A258B8; upgrade() and setImplementation() exposed; active=true", + "chain": "Ethereum", + "address": "0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F", + "fetched_at": "2026-05-30T00:00:00Z" + } + ], + "unknowns": [ + "C3: PROPOSER_ROLE holder on GovernorTimelock not verified on-chain this run; assumed to be daoMultisig based on context but not confirmed", + "C4: Signer identities for daoMultisig (4-of-7) and securityAdmin (3-of-6) not publicly verified this run; insider vs. non-insider ratio unknown", + "C4: operationalAdmin (0xCe1cE7c7F436DCc4E28Bc8bf86115514d3DC34E8) actor class not fully determined (ABI suggests Safe proxy but owners/threshold not read)", + "C6: Maximum duration for securityAdmin-triggered protocol pause not found on-chain; docs describe it as 'temporary' but no numeric cap confirmed" + ], + "protocol_metadata": { + "github": ["https://github.com/maple-labs/maple-core-v2", "https://github.com/maple-labs/maple-cross-chain-receiver"], + "docs_url": "https://docs.maple.finance", + "audits": [ + {"firm": "Trail of Bits", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2022-december/TrailOfBits-Maple.pdf", "date": "2022-08"}, + {"firm": "Spearbit", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2022-december/Spearbit-maple.pdf", "date": "2022-10"}, + {"firm": "Three Sigma", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2024-december/Three-Sigma-Maple-Finance-Dec-2024%20.pdf", "date": "2024-12"}, + {"firm": "0xMacro", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2024-december/0xMacro-Maple-Finance-Dec-2024.pdf", "date": "2024-12"}, + {"firm": "Sherlock", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2025-sept-governor-timelock/Sherlock-Maple-Finance-timelock-Sept-2025.pdf", "date": "2025-09"}, + {"firm": "0xMacro", "url": 
"https://github.com/maple-labs/maple-core-v2/blob/main/audits/2025-sept-governor-timelock/0xMacro-Maple-Finance-timelock-Sept-2025.pdf", "date": "2025-09"}, + {"firm": "Spearbit", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2025-november/Spearbit-Maple-Finance-WM-Nov-2025.pdf", "date": "2025-11"}, + {"firm": "Sigma Prime", "url": "https://github.com/maple-labs/maple-cross-chain-receiver/blob/main/audits/2026-january/SigmaPrime-Chainlink-Maple.pdf", "date": "2026-01"} + ], + "governance_forum": null, + "voting_token": {"chain": "Ethereum", "address": "0x643C4E15d7d62Ad0aBeC4a9BD4b001aA3Ef52d66", "symbol": "SYRUP"}, + "bug_bounty_url": "https://immunefi.com/bounty/maple/", + "security_contact": null, + "deployed_contracts_doc": null, + "admin_addresses": [ + {"chain": "Ethereum", "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", "role": "daoMultisig / tokenWithdrawer", "actor_class": "multisig"}, + {"chain": "Ethereum", "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b", "role": "GovernorTimelock / admin of Globals", "actor_class": "timelock"}, + {"chain": "Ethereum", "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", "role": "securityAdmin (emergency pause)", "actor_class": "multisig"}, + {"chain": "Ethereum", "address": "0xCe1cE7c7F436DCc4E28Bc8bf86115514d3DC34E8", "role": "operationalAdmin", "actor_class": "unknown"}, + {"chain": "Ethereum", "address": "0xBe10aDcE8B6E3E02Db384E7FaDA5395DD113D8b3", "role": "MaplePoolPermissionManager proxy", "actor_class": "unknown"}, + {"chain": "Base", "address": "0xD9481a47DFe8E5C35Eb809df25cdB5Bc2E24A3bE", "role": "governor (Base)", "actor_class": "unknown"} + ], + "upgradeability": "upgradeable", + "about": "Maple Finance is an on-chain institutional lending protocol where users deposit USDC or USDT into lending pools (syrupUSDC, syrupUSDT) to earn yield from overcollateralized fixed-rate loans to vetted institutional borrowers. 
The Syrup product makes this lending marketplace accessible to non-US retail users via ERC-4626 vault shares with a queue-based redemption mechanism. A separate Secured Lending pool is restricted to institutional allocators. Loans are managed by permissioned pool delegates, and the protocol is governed by a 4-of-7 multisig operating through a custom GovernorTimelock." + } + }, + { + "schema_version": 4, + "slug": "maple", + "slice": "ability-to-exit", + "snapshot_generated_at": "2026-05-25T10:00:13.281Z", + "prompt_version": 29, + "analysis_date": "2026-05-29", + "model": "claude-sonnet-4-6", + "chat_url": "https://claude.ai/share/8d1f8ec6-8e84-4cd5-9d15-a60a38499c99", + "grade": "orange", + "headline": "requestRedeem/redeem path exists on-chain; securityAdmin (3-of-6) can pause all exits including finalized claims indefinitely with no on-chain time cap", + "short_headline": "Queue-based exit; 3-of-6 can pause all functions", + "rationale": { + "findings": [ + { + "code": "E1", + "text": "Exit functions on MaplePool (syrupUSDC, 0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b): requestRedeem(shares,owner), requestWithdraw(assets,owner), redeem(shares,receiver,owner), withdraw(assets,receiver,owner), removeShares(shares,owner). The flow is two-step: requestRedeem places shares into escrow in the WithdrawalManager (0x1bc47a0Dd0FdaB96E9eF982fdf1F34DC6207cfE3); redeem/withdraw claims them once liquidity is available." + }, + { + "code": "E2", + "text": "All exit functions ultimately route through PoolManager.canCall() which checks MapleGlobals. If protocolPaused()=true, the Globals rejects the call, blocking all pool interactions including both requestRedeem (new exit placement) and redeem (claim of previously queued position). No distinction between request and claim was observed in the ABI — both are gated by the global pause flag." 
+ }, + { + "code": "E3", + "text": "Pause guard: MapleGlobals.setProtocolPause(bool) callable by securityAdmin (3-of-6 Safe, 0x6b1A78C1943b03086F7Ee53360f9b0672bD60818) with ZERO timelock. Globals also exposes setContractPause(address,bool) callable by securityAdmin for per-contract pausing. Currently protocolPaused()=false. No on-chain maximum pause duration is stored in Globals or the securityAdmin contract." + }, + { + "code": "E4", + "text": "Emergency pause path: securityAdmin (3-of-6) → setProtocolPause(true) → immediate effect, no cap. Governance path (slower): GovernorTimelock (3-day delay) → setProtocolPause via governor is also possible since governor controls Globals, but docs describe the securityAdmin as the emergency mechanism. The emergency path has no documented auto-expiry." + }, + { + "code": "E5", + "text": "Withdrawal queue: WithdrawalManager (0x1bc47a0Dd0FdaB96E9eF982fdf1F34DC6207cfE3) governs redemption timing. Queue duration depends on available pool liquidity and pool delegate decisions — no on-chain maximum queue duration constant was read this run. The November 2025 audit (Spearbit+Sherlock) covered a WM upgrade adding support for multiple pending requests per owner." + }, + { + "code": "E6", + "text": "No permissionless escape-hatch or emergency-exit mechanism found in the MaplePool or PoolManager ABIs that bypasses the global pause or the withdrawal queue. Users cannot exit adversarially without admin cooperation if the protocol is paused." + }, + { + "code": "E7", + "text": "Exit functions (requestRedeem, redeem, withdraw, removeShares) are standard ERC-4626-adjacent methods callable directly on the MaplePool contract (0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b) via any EVM-compatible wallet or Etherscan write tab, without requiring the official frontend — assuming the protocol is not paused." 
+ } + ], + "steelman": { + "red": "The securityAdmin (3-of-6) can pause ALL exit claims including previously-finalized redemptions indefinitely with zero timelock and no on-chain time cap, and no escape hatch exists for users under adversarial admin conditions.", + "orange": "The pause actor is a 3-of-6 multisig (not a single EOA or 2-of-3), requires coordination among 3 independent signers; the pause is described as a temporary emergency measure; users can withdraw directly on-chain when not paused; the protocol is not currently paused.", + "green": "Exit functions exist on-chain and are callable without the official frontend; there is no permanent lock mechanism other than pause; the ERC-4626 redeem path is permissionless for existing token holders." + }, + "verdict": "Choosing orange because while exit functions exist and are on-chain callable (E7), the securityAdmin (3-of-6, confirmed at 0x6b1A78C1943b03086F7Ee53360f9b0672bD60818) can pause all protocol functions including finalized redemption claims via setProtocolPause on Globals (confirmed callable, no timelock, no on-chain time cap). The 3-of-6 threshold does not trigger the 'pause held by a single EOA / 2-of-3 multisig' red criterion, but the indefinite scope with no cap and no escape hatch keeps this firmly orange rather than green." 
+ }, + "evidence": [ + { + "url": "https://defipunkd.com/address/1/0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b", + "shows": "MaplePool (syrupUSDC): exposes requestRedeem, requestWithdraw, redeem, withdraw, removeShares; manager=0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F; totalAssets=1,389,661,665,922,226 (USDC 6 dec = ~$1.39B); unrealizedLosses=0; no paused() on pool itself (pause delegated to Globals)", + "chain": "Ethereum", + "address": "0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b", + "fetched_at": "2026-05-30T00:00:00Z" + }, + { + "url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C", + "shows": "Globals: protocolPaused()=false; setProtocolPause(bool) write method present; securityAdmin=0x6b1A78C1943b03086F7Ee53360f9b0672bD60818; setContractPause(address,bool) present; no max pause duration constant in ABI", + "chain": "Ethereum", + "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C", + "fetched_at": "2026-05-30T00:00:00Z" + }, + { + "url": "https://defipunkd.com/address/1/0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", + "shows": "securityAdmin is a 3-of-6 Gnosis Safe with nonce=31; directly confirmed pause actor", + "chain": "Ethereum", + "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", + "fetched_at": "2026-05-30T00:00:00Z" + }, + { + "url": "https://defipunkd.com/address/1/0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F", + "shows": "PoolManager: withdrawalManager=0x1bc47a0Dd0FdaB96E9eF982fdf1F34DC6207cfE3; canCall(functionId,caller,data) gatekeeps all pool operations via Globals", + "chain": "Ethereum", + "address": "0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F", + "fetched_at": "2026-05-30T00:00:00Z" + }, + { + "url": "https://docs.maple.finance/technical-resources/security/security", + "shows": "Emergency pause described as ability to 'temporarily disable almost all functions in the Maple protocol'; pause triggered by a multisig; November 2025 WM upgrade audited by Spearbit and Sherlock", + "fetched_at": 
"2026-05-30T00:00:00Z" + } + ], + "unknowns": [ + "E3: Maximum allowed duration for emergency pause not found as an on-chain constant; docs say 'temporary' but no numeric cap confirmed on-chain", + "E5: Maximum queue wait time for withdrawalManager not read on-chain this run; no cap constant observed in PoolManager or pool ABIs", + "E2: Whether redeem() (claim of already-processed redemption) specifically bypasses pause or is equally blocked by setProtocolPause was not deterministically confirmed via source code review; inferred from global pause scope" + ], + "protocol_metadata": { + "github": ["https://github.com/maple-labs/maple-core-v2"], + "docs_url": "https://docs.maple.finance", + "audits": [ + {"firm": "Spearbit", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2025-november/Spearbit-Maple-Finance-WM-Nov-2025.pdf", "date": "2025-11"}, + {"firm": "Sherlock", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2025-november/Sherlock-Maple-Finance-WM-Nov-2025.pdf", "date": "2025-11"} + ], + "governance_forum": null, + "voting_token": {"chain": "Ethereum", "address": "0x643C4E15d7d62Ad0aBeC4a9BD4b001aA3Ef52d66", "symbol": "SYRUP"}, + "bug_bounty_url": "https://immunefi.com/bounty/maple/", + "security_contact": null, + "deployed_contracts_doc": null, + "admin_addresses": [ + {"chain": "Ethereum", "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", "role": "securityAdmin (emergency pause)", "actor_class": "multisig"}, + {"chain": "Ethereum", "address": "0x1bc47a0Dd0FdaB96E9eF982fdf1F34DC6207cfE3", "role": "WithdrawalManager for syrupUSDC pool", "actor_class": "unknown"} + ], + "upgradeability": "upgradeable", + "about": "Maple Finance is an on-chain institutional lending protocol where users deposit USDC or USDT into lending pools to earn yield from overcollateralized loans to institutional borrowers. 
Exit follows a two-step queue: users call requestRedeem to enter the withdrawal queue, then redeem once liquidity is released by the pool delegate. The securityAdmin can halt all protocol functions immediately via a global pause flag." + } + }, + { + "schema_version": 4, + "slug": "maple", + "slice": "autonomy", + "snapshot_generated_at": "2026-05-25T10:00:13.281Z", + "prompt_version": 29, + "analysis_date": "2026-05-29", + "model": "claude-sonnet-4-6", + "chat_url": "https://claude.ai/share/8d1f8ec6-8e84-4cd5-9d15-a60a38499c99", + "grading_basis": "mixed", + "grade": "orange", + "headline": "Chainlink oracles for secured-lending collateral pricing; CCIP for cross-chain deposits; oracle address governance-mutable after 3-day delay; borrower defaults are acknowledged principal risk", + "short_headline": "Chainlink and CCIP dependencies; oracle mutable", + "rationale": { + "findings": [ + { + "code": "A1", + "text": "MapleGlobals exposes getLatestPrice(address) and priceOracleOf(address) view methods, and setPriceOracle(address asset, address oracle, uint96 maxDelay) write method — confirming on-chain Chainlink oracle integration for collateral pricing used in secured lending. Docs confirm: 'Chainlink Oracles — Maple Finance uses Chainlink oracles to provide price feeds for the protocol.' For syrupUSDC and syrupUSDT pools (pure USDC/USDT lending), oracle pricing is not needed for basic deposit/redeem operations — principal impact here is from borrower defaults, not oracle failure. For securedLendingUSDCPool (~$64M AUM per website), oracle failure could cause mis-priced liquidations and potential principal impairment." + }, + { + "code": "A2", + "text": "Borrowers must be whitelisted by governance (setValidBorrower on Globals). Pool delegates (protocol-appointed addresses) manage loan deployment and repayment monitoring. Repayment depends on off-chain institutional counterparties. 
If borrowers default, the pool cover deposit (first-loss capital from pool delegate) absorbs losses up to its limit; excess losses fall on depositors. This is accepted credit risk in the product design, not an oracle-committee-style external dependency. PoolManager for syrupUSDC has hasSufficientCover()=true at time of reading." + }, + { + "code": "A3", + "text": "Chainlink CCIP bridge: MapleCCIPReceiver (0x02B6A75c5D1F430F0614dc5AC8aD5F9D35fbA2c4) allows cross-chain deposits into syrupUSDC. Audited Dec 2025/Jan 2026 by Dedaub and Sigma Prime. If CCIP fails or is exploited, cross-chain depositors would be unable to deposit or redeem via the cross-chain path; direct Ethereum mainnet deposits and redemptions would be unaffected. CCIP failure does not directly threaten existing mainnet TVL." + }, + { + "code": "A4", + "text": "No nested restaking or receipt-of-receipt design. Maple pools lend USDC directly to institutional borrowers with collateral managed by pool delegates. Not applicable." + }, + { + "code": "A6", + "text": "Docs describe two fallback mechanisms: (1) oracle wrappers to 'prevent oracle outages and oracle manipulation from causing issues during liquidations'; (2) manualOverridePrice(address) on Globals lets the governor set a manual override price, bypassing the Chainlink feed. Activation status of oracle wrappers: DOCUMENTED but on-chain state not verified this run (listed in unknowns). The manual override requires governance action (GovernorTimelock, 3-day delay)." + }, + { + "code": "A8", + "text": "Liquidation bots: Maple requires keepers for loan default processing (triggerDefault on PoolManager). If nobody calls triggerDefault when a loan is overdue, bad debt may accumulate unchecked. The pool delegate is responsible for monitoring but this is a semi-permissioned keeper role. Failure is graceful (bad debt accrues) rather than catastrophic (immediate principal loss), as the unrealizedLosses mechanism tracks unrecognized defaults." 
+ },
+ {
+ "code": "A9",
+ "text": "Governor can call setPriceOracle(address asset, address oracle, uint96 maxDelay) on Globals via the 3-day GovernorTimelock (confirmed from Globals ABI and GovernorTimelock delay). This allows swapping the Chainlink feed for any pool to an attacker-controlled oracle — a genuine A9 finding. The 3-day delay on oracle changes is below the 7-day exit-window standard, so users have 3 days to observe a queued oracle swap and react. Similarly, setWithdrawalManager on PoolManager (governor-controlled after delay) could redirect withdrawals."
+ }
+ ],
+ "steelman": {
+ "red": "The governor can hot-swap Chainlink oracle addresses for collateral pricing after only a 3-day delay (below the 7-day exit window), and a compromised governance path could introduce a malicious price feed causing under-priced liquidations and principal theft in the secured lending pool; borrower defaults can cause principal loss that is not automatically covered.",
+ "orange": "Syrup pools (~95% of TVL) rely on borrower repayment rather than oracle pricing; the 3-day delay on oracle changes gives notice; oracle wrappers provide sanity checks; hasSufficientCover=true for syrupUSDC; CCIP failure affects only cross-chain flow, not mainnet principal; borrower default risk is opt-in credit risk.",
+ "green": "Chainlink oracles are decentralized and resistant to flash loan attacks; oracle wrappers add sanity checks; overcollateralized loans in secured pool provide buffer; all pools are isolated, preventing cascade failures across pools."
+ },
+ "verdict": "Choosing orange because the dominant external dependency risk is the 3-day governance-mutable oracle for the secured lending pool (A9: setPriceOracle with 3-day GovernorTimelock delay on Globals 0x804a6F5F667170F545Bf14e5DDB48C70B788390C), which is below the 7-day exit-window standard. Syrup pools (~$1.4B TVL, ~95%) depend on institutional borrower repayment (opt-in credit risk, graded A2) and CCIP for cross-chain deposits (~A3, does not affect mainnet exits). Secured lending pool (~$64M, ~5%) relies on Chainlink oracle for collateral liquidations, with governance-mutable oracle address and oracle-wrapper fallback of unverified activation status. Impacted TVS under a single-dependency failure: ~5% (secured lending pool on oracle failure), ~100% on governance oracle swap (but protected by 3-day delay). Overall: oracle change with 3-day window, and borrower default exposure, qualify for orange."
+ },
+ "evidence": [
+ {
+ "url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C",
+ "shows": "Globals ABI confirms getLatestPrice(), priceOracleOf(), setPriceOracle(asset,oracle,maxDelay), manualOverridePrice() — on-chain oracle infrastructure; defaultTimelockParameters=[604800,172800] for internal scheduling; Governor can change oracle with 3-day GovernorTimelock delay",
+ "chain": "Ethereum",
+ "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C",
+ "fetched_at": "2026-05-30T00:00:00Z"
+ },
+ {
+ "url": "https://docs.maple.finance/technical-resources/security/security",
+ "shows": "Confirms Chainlink oracle use for price feeds, oracle wrappers to prevent manipulation, manual override price mechanism; CCIP Receiver audited by Dedaub and Sigma Prime; critical monitoring with Tenderly for invariant checking",
+ "fetched_at": "2026-05-30T00:00:00Z"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F",
+ "shows": "syrupUSDC PoolManager: hasSufficientCover()=true; totalAssets=~$1.39B USDC; unrealizedLosses=0; strategyListLength=4; setWithdrawalManager() is a governor-callable write method",
+ "chain": "Ethereum",
+ "address": "0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F",
+ "fetched_at": "2026-05-30T00:00:00Z"
+ },
+ {
+ "url": "https://www.maple.finance",
+ "shows": "Website: syrupUSDC pool AUM described; Secured Lending pool listed at 5.2% APY, $64M pool AUM (at time of fetch); overcollateralized loans described; $3.86B total AUM",
+ "fetched_at": "2026-05-30T00:00:00Z"
+ }
+ ],
+ "unknowns": [
+ "A1: Specific Chainlink feed addresses used in production not read on-chain this run (priceOracleOf() requires asset address args not attempted)",
+ "A6: Activation status of oracle wrappers (whether LIVE and enforcing or only DOCUMENTED) not verified on-chain this run; classified as unknown",
+ "A8: triggerDefault() caller permissions not verified; whether role is permissionless or restricted to pool delegate not confirmed from ABI alone",
+ "A3-offchain: CCIP dependency assessed from docs/audit; on-chain CCIP receiver state not read this run"
+ ],
+ "protocol_metadata": {
+ "github": ["https://github.com/maple-labs/maple-core-v2", "https://github.com/maple-labs/maple-cross-chain-receiver"],
+ "docs_url": "https://docs.maple.finance",
+ "audits": [
+ {"firm": "Dedaub", "url": "https://github.com/maple-labs/maple-cross-chain-receiver/blob/main/audits/2025-november/Dedaub-Chainlink-Maple.pdf", "date": "2025-11"},
+ {"firm": "Sigma Prime", "url": "https://github.com/maple-labs/maple-cross-chain-receiver/blob/main/audits/2026-january/SigmaPrime-Chainlink-Maple.pdf", "date": "2026-01"}
+ ],
+ "governance_forum": null,
+ "voting_token": {"chain": "Ethereum", "address": "0x643C4E15d7d62Ad0aBeC4a9BD4b001aA3Ef52d66", "symbol": "SYRUP"},
+ "bug_bounty_url": "https://immunefi.com/bounty/maple/",
+ "security_contact": null,
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "upgradeable",
+ "about": "Maple Finance provides on-chain institutional lending pools where users supply USDC/USDT to earn yield from overcollateralized loans to institutional borrowers. The protocol uses Chainlink oracles for collateral pricing in its secured lending pool, Chainlink CCIP for cross-chain deposit flows, and requires governance oversight for borrower whitelisting and oracle management."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "maple",
+ "slice": "open-access",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-29",
+ "model": "claude-sonnet-4-6",
+ "chat_url": "https://claude.ai/share/8d1f8ec6-8e84-4cd5-9d15-a60a38499c99",
+ "grade": "orange",
+ "headline": "syrupUSDC marketed as open to non-US users; contract-level PoolPermissionManager exists with per-pool allowlist/bitmap capability; secured lending pool is explicitly permissioned; daoMultisig can restrict admission without timelock",
+ "short_headline": "Tiered access: open syrup, gated institutional",
+ "rationale": {
+ "findings": [
+ {
+ "code": "A1",
+ "text": "MaplePoolPermissionManager (0xBe10aDcE8B6E3E02Db384E7FaDA5395DD113D8b3) is the contract-level access layer: exposes setLenderAllowlist(poolManager,lenders,booleans) and setPoolPermissionLevel(poolManager,level). Pool manager routes calls through canCall() which checks hasPermission() on the permission manager before admitting depositors. The exact permissionLevel configured for the syrupUSDC pool manager was not successfully read this run (noted in unknowns). Secured lending pool (0xC39a5A616F0ad1Ff45077FA2dE3f79ab8eb8b8B9) is described by website as permissioned for 'sophisticated allocators.'"
+ },
+ {
+ "code": "A2",
+ "text": "Borrowers must be whitelisted by governance (setValidBorrower on Globals, requires 4-of-7 daoMultisig via GovernorTimelock). Pool delegates are permissioned protocol-appointed operators who deploy loans and process redemptions — depositors do not need delegate approval to place a requestRedeem, but redemption fulfillment depends on the pool delegate releasing liquidity."
+ },
+ {
+ "code": "A3",
+ "text": "Website (maple.finance) states syrupUSDC/USDT pools are 'Open for everyone (non-US)' — geographic restriction on US persons. This is an A3-passive/active combination: the 'non-US' language reads as a jurisdictional ToS restriction enforced at the frontend, not a confirmed on-chain mechanism (no OFAC contract check found in pool or permission manager ABIs). The restriction is not verified to be purely frontend-only vs. contract-enforced bitmap without reading the permissionLevel."
+ },
+ {
+ "code": "A3b",
+ "text": "Independent access paths: syrupUSDC token (ERC-4626) is integrable by any DeFi protocol. Pool's deposit/redeem functions are callable directly on-chain (Etherscan write tab). The SYRUP token is listed on DEXes. No published standalone SDK found this run, but integration docs at docs.maple.finance/integrate-syrupusd/ exist (URL derived from website nav, not separately fetched). Third-party frontend integration paths exist through DeFi aggregators that list syrupUSDC."
+ },
+ {
+ "code": "A4",
+ "text": "No on-chain OFAC blocklist or sanctions oracle found in the MaplePool or PoolPermissionManager contract ABIs. Contract-level sanctions filtering not confirmed."
+ },
+ {
+ "code": "A5",
+ "text": "Read access is fully permissionless — anyone can read pool state, totalAssets, balanceOf, etc. Write access (deposit, requestRedeem) is gated by PoolPermissionManager for each pool; secured lending pool is fully permissioned; syrupUSDC pool's exact permission level unread this run."
+ },
+ {
+ "code": "A6",
+ "text": "ToS location: linked from website footer (https://maple.finance/terms not separately fetched). Website states: syrupUSDC is 'Open for everyone (non-US)' — this is the verbatim claim from the homepage marketing copy. Full terms verbatim not extracted this run; ToS URL recorded in unknowns."
+ }
+ ],
+ "steelman": {
+ "red": "The PoolPermissionManager has on-chain lenderAllowlist capability, its admin is the daoMultisig (4-of-7) which can restrict any address from depositing into any pool at any time without timelock; the secured lending pool is explicitly permissioned; the 'non-US' restriction may be enforced at contract level via bitmap.",
+ "orange": "The syrupUSDC pool is marketed as broadly accessible and no KYC wall is present on the pool contract itself; the daoMultisig restriction capability requires 4 of 7 signers; direct on-chain interaction is possible bypassing any frontend geo-block; the secured lending pool's permissioned nature is a separate gated product that sophisticated users opt into.",
+ "green": "Both deposit and exit functions are callable on-chain by any address; 'non-US' is a frontend ToS policy; no on-chain sanctions oracle found; DeFi aggregators can route around the official frontend; ERC-4626 integration means widespread third-party compatibility."
+ },
+ "verdict": "Choosing orange because while the syrupUSDC pool's contract-level permissionLevel was not confirmed as fully public (permissionLevel unread this run), and the PoolPermissionManager's daoMultisig admin can restrict any address from depositing or redemption-requesting without a timelock. Additionally, the secured lending pool (~5% of TVL) is explicitly permissioned at the contract level (per website). The 'non-US' restriction is frontend-stated but potentially bitmap-enforced. These factors together mean the protocol is not reliably permissionless at the contract layer: the admission surface is governance-mutable without exit-window notice."
+ },
+ "evidence": [
+ {
+ "url": "https://defipunkd.com/address/1/0xBe10aDcE8B6E3E02Db384E7FaDA5395DD113D8b3",
+ "shows": "MaplePoolPermissionManager: admin()=daoMultisig (0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196); exposes setLenderAllowlist, setPoolPermissionLevel, lenderAllowlist, permissionLevels, hasPermission — confirms contract-level admission gating per pool",
+ "chain": "Ethereum",
+ "address": "0xBe10aDcE8B6E3E02Db384E7FaDA5395DD113D8b3",
+ "fetched_at": "2026-05-30T00:00:00Z"
+ },
+ {
+ "url": "https://www.maple.finance",
+ "shows": "syrupUSDC described as 'Open for everyone (non-US)' with ~4.7% APY; Secured Lending described as 'permissioned secured lending for sophisticated allocators'; $3.86B AUM stated",
+ "fetched_at": "2026-05-30T00:00:00Z"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F",
+ "shows": "syrupUSDC PoolManager: poolPermissionManager()=0xBe10aDcE8B6E3E02Db384E7FaDA5395DD113D8b3; canCall() gatekeeps all operations via permission manager",
+ "chain": "Ethereum",
+ "address": "0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F",
+ "fetched_at": "2026-05-30T00:00:00Z"
+ }
+ ],
+ "unknowns": [
+ "A1: permissionLevels(syrupUSDC poolManager) not read on-chain this run — exact permission level (public vs. bitmap vs. allowlist) for syrupUSDC pool unconfirmed; API returned 400 error on args-based read attempt",
+ "A3b: Published SDK/CLI existence not verified by fetching docs.maple.finance/integrate-syrupusd; third-party frontend list not assembled this run",
+ "A6: Full ToS text not extracted verbatim this run; ToS URL (maple.finance/terms) not fetched"
+ ],
+ "protocol_metadata": {
+ "github": ["https://github.com/maple-labs/maple-core-v2"],
+ "docs_url": "https://docs.maple.finance",
+ "audits": [],
+ "governance_forum": null,
+ "voting_token": {"chain": "Ethereum", "address": "0x643C4E15d7d62Ad0aBeC4a9BD4b001aA3Ef52d66", "symbol": "SYRUP"},
+ "bug_bounty_url": "https://immunefi.com/bounty/maple/",
+ "security_contact": null,
+ "deployed_contracts_doc": null,
+ "admin_addresses": [
+ {"chain": "Ethereum", "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", "role": "PoolPermissionManager admin (daoMultisig)", "actor_class": "multisig"}
+ ],
+ "upgradeability": "upgradeable",
+ "about": "Maple Finance uses a PoolPermissionManager to control per-pool admission. The syrupUSDC pool is marketed as accessible to non-US users globally, while the Secured Lending pool requires institutional accreditation. The daoMultisig controls permission levels for all pools."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "maple",
+ "slice": "verifiability",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-29",
+ "model": "claude-sonnet-4-6",
+ "chat_url": "https://claude.ai/share/8d1f8ec6-8e84-4cd5-9d15-a60a38499c99",
+ "grade": "green",
+ "headline": "All sampled core contracts verified on Etherscan; proxies and implementations both verified; recent audits (Dec 2024, Sept–Nov 2025, Jan 2026) from Spearbit, Sigma Prime, Three Sigma, and 0xMacro",
+ "short_headline": "Verified contracts; recent recognized audits",
+ "rationale": {
+ "findings": [
+ {
+ "code": "V1",
+ "text": "MaplePool (syrupUSDC, 0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b): verified=true, contractName='MaplePool', abiSource='etherscan', no proxy. PoolManager proxy (0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F): verified=true, proxy detected; implementation 0xfE02Be1aD28EdFd8e3dD6F29C402B244C2A258B8 merged. MapleGlobals NonTransparentProxy (0x804a6F5F667170F545Bf14e5DDB48C70B788390C): verified, proxy → implementation 0x9BeAbb1B6F3ad1DdB87b65148BA5Eb6102334956. GovernorTimelock (0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b): verified, contractName='GovernorTimelock'. PoolPermissionManager (0xBe10aDcE8B6E3E02Db384E7FaDA5395DD113D8b3): verified=true, proxy → implementation 0xC3530358e54bC81EfCe4A2e12A898E996B091753 confirmed. All key core contracts: proxy AND implementation both verified."
+ },
+ {
+ "code": "V2",
+ "text": "Public source repository: https://github.com/maple-labs/maple-core-v2 cited in docs and address book. https://github.com/maple-labs/maple-cross-chain-receiver for CCIP contracts. Source-to-repo correspondence not independently compiled this run (no bytecode diff performed); recorded in unknowns."
+ },
+ {
+ "code": "V3",
+ "text": "Audit coverage from docs.maple.finance/technical-resources/security/security (fetched this run): Dec 2024 release audited by Three Sigma and 0xMacro covering core contracts. Sept 2025: GovernorTimelock upgrade audited by Sherlock and 0xMacro. Nov 2025: WithdrawalManager upgrade audited by Spearbit and Sherlock. Jan 2026: CCIP Receiver audited by Sigma Prime (Spearbit also in Nov 2025 for CCIP context). The GovernorTimelock currently deployed was covered by the Sept 2025 audits (within 8 months of analysis date). Core contracts (PoolManager, Globals) covered by Dec 2024 audit (~5 months before analysis date)."
+ },
+ {
+ "code": "V4",
+ "text": "Recognized auditors (per rubric list): Spearbit (Nov 2025 WM audit, 2022 core), Sigma Prime (Jan 2026 CCIP). Three Sigma not on the explicit rubric list but is a well-known specialized firm. Trail of Bits (2022). Sherlock and 0xMacro are not on the rubric recognized-firm list. However, the most recent audits include Spearbit (recognized) and Sigma Prime (recognized), both covering deployments within the last 6 months."
+ },
+ {
+ "code": "V5",
+ "text": "Post-audit drift assessment: Most recently deployed contract set covered by Dec 2024 audit (~5 months). GovernorTimelock (current deployment) covered by Sept 2025 audit (~8 months). WithdrawalManager upgrade covered by Nov 2025 Spearbit+Sherlock audit (~6 months). No evidence of material unaudited changes to fund-custody/accounting contracts observed this run. Drift not fully enumerated (commit SHA comparison not performed); recorded in unknowns as scope limit."
+ },
+ {
+ "code": "V6",
+ "text": "All sampled proxies (Globals, PoolManager, PoolPermissionManager) have verified implementations. No unverified proxy-over-unverified-implementation pattern found."
+ }
+ ],
+ "steelman": {
+ "red": "No independent bytecode verification against audited commits was performed; Three Sigma (primary recent auditor) is not on the rubric's recognized-firm list; Sherlock and 0xMacro also not listed; the Sept 2025 GovernorTimelock is a new custom contract not covered by the older recognized-firm audits.",
+ "orange": "Most recent core-contracts audit (Dec 2024) is ~5 months old and by Three Sigma and 0xMacro (not on rubric recognized list); Spearbit covered only the WM in Nov 2025, not the core PoolManager or Globals; no full bytecode diff or deploy-commit pinning performed this run.",
+ "green": "All core contracts are verified on Etherscan with both proxy and implementation; recent audits include Spearbit (Nov 2025) and Sigma Prime (Jan 2026), both on the recognized-firm list, covering the most recently deployed contracts; Trail of Bits covered core architecture in 2022; public GitHub repo exists."
+ },
+ "verdict": "Choosing green because all sampled core contracts are verified on Etherscan (proxy + implementation), a public source repo exists at maple-labs/maple-core-v2, and the most recently deployed contracts are covered by audits from recognized firms within 6 months: Spearbit covered the WithdrawalManager in Nov 2025 and Sigma Prime covered the CCIP Receiver in Jan 2026. The GovernorTimelock upgrade was audited by Sherlock and 0xMacro in Sept 2025 (~8 months). The Dec 2024 audit covered core PoolManager/Globals contracts by Three Sigma and 0xMacro. While commit-SHA correspondence and bytecode diff were not performed (scope limit noted), the combination of verified contracts + recognized-firm coverage within the drift window satisfies the green criteria."
+ },
+ "evidence": [
+ {
+ "url": "https://defipunkd.com/api/contract/abi?chainId=1&address=0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b",
+ "shows": "MaplePool: verified=true, contractName='MaplePool', abiSource='etherscan', no proxy — directly deployed and verified",
+ "chain": "Ethereum",
+ "address": "0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b",
+ "fetched_at": "2026-05-30T00:00:00Z"
+ },
+ {
+ "url": "https://defipunkd.com/api/contract/abi?chainId=1&address=0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F",
+ "shows": "PoolManager proxy: verified=true, proxy.implementation=0xfE02Be1aD28EdFd8e3dD6F29C402B244C2A258B8, source='etherscan-sourcecode'; both proxy and implementation verified",
+ "chain": "Ethereum",
+ "address": "0x7aD5fFa5fdF509E30186F4609c2f6269f4B6158F",
+ "fetched_at": "2026-05-30T00:00:00Z"
+ },
+ {
+ "url": "https://defipunkd.com/address/1/0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b",
+ "shows": "GovernorTimelock: ABI source='etherscan' (verified); custom contract with full ABI including MIN_DELAY, scheduleProposals, executeProposals",
+ "chain": "Ethereum",
+ "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b",
+ "fetched_at": "2026-05-30T00:00:00Z"
+ },
+ {
+ "url": "https://docs.maple.finance/technical-resources/security/security",
+ "shows": "Full audit history with links including Spearbit Nov 2025 (WM), Sigma Prime Jan 2026 (CCIP), Sherlock+0xMacro Sept 2025 (Governor Timelock), Three Sigma+0xMacro Dec 2024 (core); Immunefi bug bounty; Tenderly on-chain invariant monitoring",
+ "fetched_at": "2026-05-30T00:00:00Z"
+ }
+ ],
+ "unknowns": [
+ "V2: Source-to-deploy commit SHA correspondence not independently verified this run; no bytecode diff performed against audited commits",
+ "V5: Diff between Dec 2024 audit scope and current deployed code not sampled; scope limit noted but not a downgrade signal absent evidence of material drift"
+ ],
+ "protocol_metadata": {
+ "github": ["https://github.com/maple-labs/maple-core-v2", "https://github.com/maple-labs/maple-cross-chain-receiver"],
+ "docs_url": "https://docs.maple.finance",
+ "audits": [
+ {"firm": "Trail of Bits", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2022-december/TrailOfBits-Maple.pdf", "date": "2022-08"},
+ {"firm": "Spearbit", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2022-december/Spearbit-maple.pdf", "date": "2022-10"},
+ {"firm": "Three Sigma", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2024-december/Three-Sigma-Maple-Finance-Dec-2024%20.pdf", "date": "2024-12"},
+ {"firm": "0xMacro", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2024-december/0xMacro-Maple-Finance-Dec-2024.pdf", "date": "2024-12"},
+ {"firm": "Sherlock", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2025-sept-governor-timelock/Sherlock-Maple-Finance-timelock-Sept-2025.pdf", "date": "2025-09"},
+ {"firm": "0xMacro", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2025-sept-governor-timelock/0xMacro-Maple-Finance-timelock-Sept-2025.pdf", "date": "2025-09"},
+ {"firm": "Spearbit", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2025-november/Spearbit-Maple-Finance-WM-Nov-2025.pdf", "date": "2025-11"},
+ {"firm": "Sherlock", "url": "https://github.com/maple-labs/maple-core-v2/blob/main/audits/2025-november/Sherlock-Maple-Finance-WM-Nov-2025.pdf", "date": "2025-11"},
+ {"firm": "Dedaub", "url": "https://github.com/maple-labs/maple-cross-chain-receiver/blob/main/audits/2025-november/Dedaub-Chainlink-Maple.pdf", "date": "2025-11"},
+ {"firm": "Sigma Prime", "url": "https://github.com/maple-labs/maple-cross-chain-receiver/blob/main/audits/2026-january/SigmaPrime-Chainlink-Maple.pdf", "date": "2026-01"}
+ ],
+ "governance_forum": null,
+ "voting_token": {"chain": "Ethereum", "address": "0x643C4E15d7d62Ad0aBeC4a9BD4b001aA3Ef52d66", "symbol": "SYRUP"},
+ "bug_bounty_url": "https://immunefi.com/bounty/maple/",
+ "security_contact": null,
+ "deployed_contracts_doc": null,
+ "admin_addresses": [
+ {"chain": "Ethereum", "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", "role": "daoMultisig", "actor_class": "multisig"},
+ {"chain": "Ethereum", "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b", "role": "GovernorTimelock", "actor_class": "timelock"},
+ {"chain": "Ethereum", "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", "role": "securityAdmin", "actor_class": "multisig"},
+ {"chain": "Ethereum", "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C", "role": "MapleGlobals (singleton proxy)", "actor_class": "unknown"},
+ {"chain": "Ethereum", "address": "0xBe10aDcE8B6E3E02Db384E7FaDA5395DD113D8b3", "role": "MaplePoolPermissionManager proxy", "actor_class": "unknown"}
+ ],
+ "upgradeability": "upgradeable",
+ "about": "Maple Finance is an on-chain institutional lending protocol deploying USDC into fixed-rate overcollateralized loans to institutional borrowers via three pools: syrupUSDC (~$1.39B, open to non-US users), syrupUSDT, and a permissioned Secured Lending pool ($64M). Core contracts use a NonTransparentProxy and factory-proxy pattern; all sampled contracts are verified on Etherscan and covered by recognized-firm audits within 6 months."
+ }
+ }
+]
diff --git a/data/submissions/maple/all/Grok-2026-05-30.json b/data/submissions/maple/all/Grok-2026-05-30.json
new file mode 100644
index 0000000000..00e9ccd33a
--- /dev/null
+++ b/data/submissions/maple/all/Grok-2026-05-30.json
@@ -0,0 +1,285 @@ +[ + { + "schema_version": 4, + "slug": "maple", + "slice": "control", + "snapshot_generated_at": "2026-05-25T10:00:13.281Z", + "prompt_version": 29, + "analysis_date": "2026-05-29", + "model": "grok-4", + "chat_url": "https://grok.com/share/c2hhcmQtNQ_3f3b210c-fc83-4693-b22f-b11534748891", + "grading_basis": "on-chain", + "grade": "orange", + "headline": "T1 upgrade authority (globals proxy admin) via 1-day GovernorTimelock controlled by 4/7 multisig; <7-day fast path, non-Security-Council multisig on critical path", + "short_headline": "1-day timelock + 4/7 multisig (T1)", + "rationale": { + "findings": [ + {"code": "C1", "text": "daoMultisig (0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196) is 4-of-7 Gnosis Safe (owners: 0x690A5aCa4E6c2f0c9880e582c2AA9913586e12BF, 0x0f4430f1cEc6b976a9358EFfa95399EE8fc8BD40, 0xF4b33586ee31DC6db89DA7Fb64b853E99F984B7F, 0xd9c66fc2b01Bb6d72e8884d2AA1e2DDA2995ecD6, 0x96481CB0fCd7673254eBccC42DcE9B92da10ea04, 0x04eBB8201BC767BD96932D33b12BD2EaA661E918, 0x588C6eb6E68F3Cb03243835c1c67864C84dF85bD); governor/timelock (0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b) is current governor and proxy admin of globals singleton (0x804a6F5F667170F545Bf14e5DDB48C70B788390C); securityAdmin (0x6b1A78C1943b03086F7Ee53360f9b0672bD60818) is 3-of-6 Gnosis Safe; globalAdmin (0x0D8b2C1F11c5f9cD51de6dB3b256C1e3b0800200) is 2-of-3 Gnosis Safe; operationalAdmin (0xCe1cE7c7F436DCc4E28Bc8bf86115514d3DC34E8) is proxy-controlled singleton."}, + {"code": "C2", "text": "Globals singleton is NonTransparentProxy (implementation 0x9BeAbb1B6F3ad1DdB87b65148BA5Eb6102334956) with setImplementation controlled by its admin (currently the governor/timelock contract); upgrade path reaches fund-holding surfaces (pools, factories, protocol pause, fees, oracles)."}, + {"code": "C3", "text": "Execution path: PROPOSER_ROLE holder (daoMultisig-linked) submits proposal to GovernorTimelock (0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b) → scheduleProposals (MIN_DELAY=86400s 
/ 1 day, confirmed via read) → executeProposals after delay; defaultTimelockParameters on globals=[604800s/7d, 172800s/2d]; uncontested fast-path delay sums to 86400s."}, + {"code": "C4", "text": "Multisigs with reachable control: daoMultisig 4/7 (governance execution), globalAdmin 2/3 (separate admin role), securityAdmin 3/6 (emergency/security functions via setSecurityAdmin on globals); no ≥7-signer Security Council with ≥50% confirmed non-insiders and public announcement; operationalAdmin and permissionsAdmin/treasury do not alter upgrade path."}, + {"code": "C5", "text": "On-chain GovernorTimelock with role-based PROPOSER/EXECUTOR/CANCELLER/ROLE_ADMIN (bytes32 constants surfaced); no separate OZ Governor or token-weighted voting parameters read; delay confirmed on-chain at 86400s."}, + {"code": "C6", "text": "Emergency powers via securityAdmin multisig (3/6) with setProtocolPause/setContractPause/setFunctionPause on globals (protocolPaused=false at block 25204121); no explicit time cap surfaced on emergency pause path; distinct from main governor path."}, + {"code": "C7", "text": "Highest tier on uncontested fast path is T1 (FUND-CRITICAL): setImplementation on globals (replaces core logic for pools/factories holding user funds), setProtocolPause, fee/oracle setters, and migrationAdmin; bound is the governor admin slot itself."} + ], + "steelman": { + "red": "4/7 multisig (not Security Council) + 1-day timelock allows T1 upgrade/pause with no 7-day exit window and no on-chain token governance distributing power.", + "orange": "T1 reachable only after 1-day timelock through role-gated GovernorTimelock whose proposer/executor surface is anchored to a 4/7 multisig that fails Security Council criteria (signer count/threshold/insider status); delay exists but is sub-7 days.", + "green": "Explicit 1-day timelock on all critical admin functions (including setImplementation and pause) plus on-chain role system prevents unilateral EOA or 2/3 multisig action; multiple 
distinct multisigs provide defense-in-depth." + }, + "verdict": "Choosing orange because T1 (upgrade of globals controlling user-fund surfaces + protocol pause) is reachable on the uncontested fast path in 1 day (<7-day bar) via a 4/7 multisig that does not meet Security Council standards, even though a timelock and role-based governor exist." + }, + "evidence": [ + {"url": "https://defipunkd.com/address/1/0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", "shows": "daoMultisig is 4-of-7 Gnosis Safe v1.3.0 proxy to 0xd9Db270c1B5E3Bd161E8c8503c55cEABeE709552; exact 7 owners and threshold=4 at block 25204116", "chain": "Ethereum", "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", "fetched_at": "2026-05-30T17:00:00Z"}, + {"url": "https://defipunkd.com/address/1/0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b", "shows": "GovernorTimelock with MIN_DELAY=86400s, MIN_EXECUTION_WINDOW=86400s, role constants (PROPOSER_ROLE=0xb09aa5aeb3702cfd50b6b62bc4532604938f21248a27a1d5ca736082b6819cc1 etc.), schedule/execute/cancel functions; pinned block 25204117", "chain": "Ethereum", "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b", "fetched_at": "2026-05-30T17:00:00Z"}, + {"url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C", "shows": "NonTransparentProxy globals singleton; admin=0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b (governor), governor=0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b, securityAdmin=0x6b1A78C1943b03086F7Ee53360f9b0672bD60818, operationalAdmin=0xCe1cE7c7F436DCc4E28Bc8bf86115514d3DC34E8; setImplementation, setProtocolPause, defaultTimelockParameters=[604800,172800], protocolPaused=false at block 25204121/25207113", "chain": "Ethereum", "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C", "fetched_at": "2026-05-30T17:00:00Z"}, + {"url": "https://defipunkd.com/address/1/0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", "shows": "securityAdmin is 3-of-6 Gnosis Safe v1.3.0 with exact owners and threshold=3 at block 25204119", "chain": 
"Ethereum", "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", "fetched_at": "2026-05-30T17:00:00Z"}, + {"url": "https://defipunkd.com/address/1/0x0D8b2C1F11c5f9cD51de6dB3b256C1e3b0800200", "shows": "globalAdmin is 2-of-3 Gnosis Safe v1.3.0 with exact owners and threshold=2 at block 25204119", "chain": "Ethereum", "address": "0x0D8b2C1F11c5f9cD51de6dB3b256C1e3b0800200", "fetched_at": "2026-05-30T17:00:00Z"}, + {"url": "https://defipunkd.com/api/contract/read?chainId=1&address=0x804a6F5F667170F545Bf14e5DDB48C70B788390C&method=governor", "shows": "governor() returns exactly 0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b at block 25207113", "chain": "Ethereum", "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C", "fetched_at": "2026-05-30T17:00:00Z"}, + {"url": "https://defipunkd.com/api/contract/read?chainId=1&address=0x804a6F5F667170F545Bf14e5DDB48C70B788390C&method=admin", "shows": "admin() returns exactly 0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b at block 25207114", "chain": "Ethereum", "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C", "fetched_at": "2026-05-30T17:00:00Z"}, + {"url": "https://defipunkd.com/api/contract/read?chainId=1&address=0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b&method=MIN_DELAY", "shows": "MIN_DELAY returns exactly 86400 at recent block", "chain": "Ethereum", "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b", "fetched_at": "2026-05-30T17:00:00Z"} + ], + "unknowns": ["C4: exact signer identities (insider vs non-insider classification) and whether daoMultisig holds PROPOSER_ROLE or EXECUTOR_ROLE on the GovernorTimelock (hasRole calls returned 400; role membership not pre-surfaced)", "C6: whether securityAdmin pause path has explicit on-chain time cap or auto-expiry (setProtocolPause is bool with no duration param surfaced)"], + "protocol_metadata": { + "github": ["https://github.com/maple-labs/maple-core"], + "docs_url": null, + "audits": [ + {"firm": "Code4rena", "url": "https://github.com/code-423n4/2021-04-maple", 
"date": "2021-04"}, + {"firm": "Code4rena", "url": "https://github.com/code-423n4/2021-12-maple", "date": "2021-12"}, + {"firm": "Code4rena", "url": "https://github.com/code-423n4/2022-03-maple", "date": "2022-03"} + ], + "governance_forum": null, + "voting_token": null, + "bug_bounty_url": null, + "security_contact": null, + "deployed_contracts_doc": null, + "admin_addresses": [ + {"chain": "Ethereum", "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", "role": "daoMultisig", "actor_class": "multisig"}, + {"chain": "Ethereum", "address": "0x2eFFf88747EB5a3FF00d4d8d0f0800E306C0426b", "role": "governor/timelock", "actor_class": "timelock"}, + {"chain": "Ethereum", "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", "role": "securityAdmin", "actor_class": "multisig"}, + {"chain": "Ethereum", "address": "0x0D8b2C1F11c5f9cD51de6dB3b256C1e3b0800200", "role": "globalAdmin", "actor_class": "multisig"}, + {"chain": "Ethereum", "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C", "role": "globals singleton (NonTransparentProxy)", "actor_class": "unknown"} + ], + "upgradeability": "upgradeable", + "about": "Maple is an on-chain lending protocol offering syrupUSDC/USDT (overcollateralized yield-bearing dollar deposits) and permissioned institutional secured lending pools. Users deposit stablecoins into pools that fund fixed-term or open-term loans; governance and admin functions (upgrade, pause, fees, oracle config) are centralized in the globals singleton behind a NonTransparentProxy." 
+ } + }, + { + "schema_version": 4, + "slug": "maple", + "slice": "ability-to-exit", + "snapshot_generated_at": "2026-05-25T10:00:13.281Z", + "prompt_version": 29, + "analysis_date": "2026-05-29", + "model": "grok-4", + "chat_url": "https://grok.com/share/c2hhcmQtNQ_3f3b210c-fc83-4693-b22f-b11534748891", + "grading_basis": "on-chain", + "grade": "orange", + "headline": "Permissionless redeem/withdraw on syrup pools with requestRedeem queue; protocol-level pause possible via security multisig but no pause detected on core exit functions themselves", + "short_headline": "Permissionless exit + queued redeem; protocol pause risk", + "rationale": { + "findings": [ + {"code": "E1", "text": "User-facing exit functions on syrupUSDCPool (0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b): redeem(uint256 shares_, address receiver_, address owner_), withdraw(uint256 assets_, address receiver_, address owner_), requestRedeem(uint256 shares_, address owner_), requestWithdraw(uint256 assets_, address owner_), removeShares; also convertToExitAssets/convertToExitShares previews."}, + {"code": "E2", "text": "redeem and withdraw have no access modifiers or pause guards surfaced (direct permissionless calls); requestRedeem/requestWithdraw are queued/escrow steps but still callable by owner without admin signature."}, + {"code": "E3", "text": "No paused state, whenNotPaused, or pause guards on the pool contract itself; protocolPaused() and isContractPaused() exist on globals singleton but pool surfacer shows no inheritance or check blocking exit at block 25204119."}, + {"code": "E4", "text": "Globals exposes setProtocolPause(bool) and setContractPause(address,bool) callable by securityAdmin (3/6 multisig) or governor path; no explicit duration cap or auto-expiry surfaced on emergency pause; distinct from main 1-day governance timelock."}, + {"code": "E5", "text": "requestRedeem/requestWithdraw implement queued redemption with escrowed shares/assets; no documented max queue duration or daily 
cap surfaced on-chain; queue itself not shown as pausable."},
+ {"code": "E6", "text": "No permissionless forced-exit or escape-hatch beyond standard redeem/withdraw; no additional adversarial-admin bypass surfaced."},
+ {"code": "E7", "text": "Exit functions (redeem/withdraw) are standard ERC-4626-style and directly callable on Etherscan write tab or any wallet without frontend; no ABI or modifier requires official UI."}
+ ],
+ "steelman": {
+ "red": "Security multisig (3/6) can trigger protocol/contract pause via globals with no on-chain time cap, potentially freezing new exits even if current pool state shows no pause.",
+ "orange": "Core exit functions (redeem/withdraw) are permissionless and show no pause guard on the pool contract; any protocol pause is governance-or-multisig gated with 1-day timelock on main path and requestRedeem provides a queued path; no indefinite freeze of already-finalized claims.",
+ "green": "Direct on-chain redeem/withdraw exist and are callable without admin approval or frontend; no pause modifiers detected on the primary exit surface at current block."
+ },
+ "verdict": "Choosing orange because while redeem/withdraw are permissionless and unpaused on the pool, the security multisig holds broad protocol-pause power via globals with no surfaced time cap or exemption for finalized claims, creating a realistic (though not currently active) broad-scope pause risk."
+ },
+ "evidence": [
+ {"url": "https://defipunkd.com/address/1/0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b", "shows": "syrupUSDCPool is direct implementation (not proxy); redeem, withdraw, requestRedeem, requestWithdraw all present and callable; no paused state or pause modifiers; totalSupply/totalAssets visible at block 25204119; owner via two-step PendingOwnerSet/accept pattern", "chain": "Ethereum", "address": "0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b", "fetched_at": "2026-05-30T17:00:00Z"},
+ {"url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C", "shows": "globals has setProtocolPause(bool), setContractPause(address,bool), protocolPaused=false, isContractPaused; securityAdmin and governor control these; no pool-specific pause surfaced", "chain": "Ethereum", "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C", "fetched_at": "2026-05-30T17:00:00Z"}
+ ],
+ "unknowns": ["E3: whether pool contracts inherit or call globals.isFunctionPaused / isContractPaused on redeem/withdraw paths (ABI surface did not expose modifier)", "E5: exact max queue duration or daily cap for requestRedeem (not readable on pool or globals surfacer)"],
+ "protocol_metadata": {
+ "github": ["https://github.com/maple-labs/maple-core"],
+ "docs_url": null,
+ "audits": [
+ {"firm": "Code4rena", "url": "https://github.com/code-423n4/2021-04-maple", "date": "2021-04"},
+ {"firm": "Code4rena", "url": "https://github.com/code-423n4/2021-12-maple", "date": "2021-12"},
+ {"firm": "Code4rena", "url": "https://github.com/code-423n4/2022-03-maple", "date": "2022-03"}
+ ],
+ "governance_forum": null,
+ "voting_token": null,
+ "bug_bounty_url": null,
+ "security_contact": null,
+ "deployed_contracts_doc": null,
+ "admin_addresses": [
+ {"chain": "Ethereum", "address": "0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196", "role": "daoMultisig", "actor_class": "multisig"},
+ {"chain": "Ethereum", "address": "0x6b1A78C1943b03086F7Ee53360f9b0672bD60818", "role": "securityAdmin", 
"actor_class": "multisig"}
+ ],
+ "upgradeability": "upgradeable",
+ "about": "Maple is an on-chain lending protocol offering syrupUSDC/USDT (overcollateralized yield-bearing dollar deposits) and permissioned institutional secured lending pools. Users deposit stablecoins into pools that fund fixed-term or open-term loans; governance and admin functions (upgrade, pause, fees, oracle config) are centralized in the globals singleton behind a NonTransparentProxy."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "maple",
+ "slice": "autonomy",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-29",
+ "model": "grok-4",
+ "chat_url": "https://grok.com/share/c2hhcmQtNQ_3f3b210c-fc83-4693-b22f-b11534748891",
+ "grading_basis": "on-chain",
+ "grade": "orange",
+ "headline": "Depends on external price oracles (globals.priceOracleOf) and factory upgrade paths; manualOverridePrice and admin-oracle swaps possible but mitigated by timelock; no unmitigated cross-chain or keeper liveness for core TVS",
+ "short_headline": "Oracle dependency + mutable price feeds (T1/T2 risk)",
+ "rationale": {
+ "findings": [
+ {"code": "A1", "text": "Globals singleton (0x804a6F5F667170F545Bf14e5DDB48C70B788390C) calls external oracles via priceOracleOf(address), getLatestPrice(address), latestAnswer-style methods; failure/misreport directly affects loan valuation, collateral checks, and liquidations in pools/factories."},
+ {"code": "A2", "text": "No off-chain oracle committees or validator sets surfaced; price feeds are external contracts (not enumerated per-asset in this run)."},
+ {"code": "A3", "text": "No material bridge dependency for core Ethereum TVS; Base deployment (cashUSDCPool etc.) 
exists but is secondary; no LayerZero/Wormhole-style bridge carrying primary TVS."},
+ {"code": "A4", "text": "No nested restaking/LRT collateral chain; plain stablecoin lending pools with direct USDC/USDT deposits."},
+ {"code": "A6", "text": "Globals provides manualOverridePrice(address) and minCoverAmount/maxCoverLiquidationPercent as circuit breakers; these are admin-mutable (governor path) but not shown as live automated sanity reverts on bad oracle data."},
+ {"code": "A9", "text": "Governor/timelock (1-day delay) can swap oracles via set priceOracleOf or upgrade globals implementation; no exit window for users when oracle address changes; this is governance-mutable external dependency surface."}
+ ],
+ "steelman": {
+ "red": "External oracle misreport or governance hot-swap of price feed (via 1-day timelock) can cause mis-valuation of collateral/loans leading to bad debt or frozen positions across all pools (~100% TVS impact).",
+ "orange": "Oracle dependency exists and is governance-mutable, but 1-day timelock + manualOverridePrice fallback + separate security multisig provide bounded recovery; no unmitigated keeper or bridge failure can steal principal.",
+ "green": "No critical unmitigated external dependency; all oracles and factories are behind timelocked governance with on-chain override tools; user principal in isolated pools is not cross-contaminated by single-oracle failure."
+ },
+ "verdict": "Choosing orange because the protocol depends on external price oracles whose address can be swapped by governance (1-day timelock) and manualOverridePrice exists as a partial mitigation, but no automated circuit-breaker or second-opinion oracle was confirmed live; impacted TVS under oracle failure is material (~100% of lending TVS)."
+ },
+ "evidence": [
+ {"url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C", "shows": "globals exposes priceOracleOf(address), getLatestPrice(address), manualOverridePrice(address), minCoverAmount, maxCoverLiquidationPercent; these are central to pool/loan pricing and liquidation logic", "chain": "Ethereum", "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C", "fetched_at": "2026-05-30T17:00:00Z"},
+ {"url": "https://defipunkd.com/address/1/0x36a7350309B2Eb30F3B908aB0154851B5ED81db0", "shows": "fixedTermLoanFactory manages upgrade paths and instances that rely on globals pricing", "chain": "Ethereum", "address": "0x36a7350309B2Eb30F3B908aB0154851B5ED81db0", "fetched_at": "2026-05-30T17:00:00Z"}
+ ],
+ "unknowns": ["A1: specific oracle addresses and providers currently configured (priceOracleOf not called for sample assets in this run)", "A6: whether manualOverridePrice or other circuit breakers are actively wired and enforcing on-chain today vs documented only"],
+ "protocol_metadata": {
+ "github": ["https://github.com/maple-labs/maple-core"],
+ "docs_url": null,
+ "audits": [
+ {"firm": "Code4rena", "url": "https://github.com/code-423n4/2021-04-maple", "date": "2021-04"},
+ {"firm": "Code4rena", "url": "https://github.com/code-423n4/2021-12-maple", "date": "2021-12"},
+ {"firm": "Code4rena", "url": "https://github.com/code-423n4/2022-03-maple", "date": "2022-03"}
+ ],
+ "governance_forum": null,
+ "voting_token": null,
+ "bug_bounty_url": null,
+ "security_contact": null,
+ "deployed_contracts_doc": null,
+ "admin_addresses": [
+ {"chain": "Ethereum", "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C", "role": "globals singleton (NonTransparentProxy)", "actor_class": "unknown"}
+ ],
+ "upgradeability": "upgradeable",
+ "about": "Maple is an on-chain lending protocol offering syrupUSDC/USDT (overcollateralized yield-bearing dollar deposits) and permissioned institutional secured lending pools. 
Users deposit stablecoins into pools that fund fixed-term or open-term loans; governance and admin functions (upgrade, pause, fees, oracle config) are centralized in the globals singleton behind a NonTransparentProxy."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "maple",
+ "slice": "open-access",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-29",
+ "model": "grok-4",
+ "chat_url": "https://grok.com/share/c2hhcmQtNQ_3f3b210c-fc83-4693-b22f-b11534748891",
+ "grading_basis": "on-chain",
+ "grade": "green",
+ "headline": "Core exit/deposit functions (redeem, withdraw, requestRedeem) permissionless on-chain with no contract-level whitelist or KYC; independent Etherscan/wallet access exists",
+ "short_headline": "Permissionless on-chain access",
+ "rationale": {
+ "findings": [
+ {"code": "A1", "text": "No onlyWhitelisted, onlyRole (beyond owner on some admin functions), allowlist, isAccredited, or isKYCed modifiers on user-facing entry/exit points of syrupUSDCPool; redeem/withdraw/requestRedeem are open to any caller."},
+ {"code": "A2", "text": "No off-chain operator approval required to admit deposit or exit actions; all core functions are unconditional on-chain (keeper/oracle liveness affects settlement but not admission)."},
+ {"code": "A3", "text": "Official frontend may have ToS sanctions clauses or geo-restrictions (context only); no contract-level on-chain blocklist or KYC gate surfaced."},
+ {"code": "A3b", "text": "Independent access paths exist: direct contract interaction via Etherscan write tab, any Ethereum wallet, or generic ERC-4626 SDKs; no published official SDK required."},
+ {"code": "A4", "text": "No on-chain sanctions blocklist or OFAC oracle check in pool or globals ABI surfaced."},
+ {"code": "A5", "text": "Read access (view state, totalAssets, convertToExit*) is fully permissionless; write access (redeem, deposit-equivalent) is also permissionless on core syrup pools."},
+ {"code": 
"A6", "text": "Website ToS (maple.finance) contains standard sanctions/self-certification language but was not extracted verbatim in this run; contract behavior is independent of frontend ToS."}
+ ],
+ "steelman": {
+ "red": "Institutional lending segment is permissioned off-chain; if core syrup pools required similar approval the grade would drop, but no such gate exists on-chain.",
+ "orange": "No published SDK or third-party frontend confirmed, making practical access reliant on official UI or manual Etherscan calls.",
+ "green": "Core contracts admit any address to redeem/withdraw/requestRedeem without whitelist, KYC, or operator approval; Etherscan and wallet direct calls provide independent paths."
+ },
+ "verdict": "Choosing green because the primary user-facing contracts (syrup pools) have fully permissionless on-chain exit and deposit-equivalent functions with no contract-level admission gates; independent blockchain access via Etherscan/wallets satisfies the independent-path requirement regardless of frontend policies."
+ },
+ "evidence": [
+ {"url": "https://defipunkd.com/address/1/0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b", "shows": "redeem, withdraw, requestRedeem, requestWithdraw have no access-control modifiers or role checks; callable by any address; no whitelist or KYC state variables", "chain": "Ethereum", "address": "0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b", "fetched_at": "2026-05-30T17:00:00Z"},
+ {"url": "https://www.maple.finance", "shows": "Public syrupUSDC/USDT products described as open on-chain asset management; institutional segment separately noted as permissioned (context only, does not affect core contract access)", "fetched_at": "2026-05-30T17:00:00Z"}
+ ],
+ "unknowns": ["A3b: existence of published official SDK or third-party frontends/aggregators routing through contracts (Etherscan access confirmed but no aggregator link extracted)", "A6: verbatim ToS sanctions clause text (website browse did not surface exact quote)"],
+ "protocol_metadata": {
+ "github": ["https://github.com/maple-labs/maple-core"],
+ "docs_url": null,
+ "audits": [
+ {"firm": "Code4rena", "url": "https://github.com/code-423n4/2021-04-maple", "date": "2021-04"},
+ {"firm": "Code4rena", "url": "https://github.com/code-423n4/2021-12-maple", "date": "2021-12"},
+ {"firm": "Code4rena", "url": "https://github.com/code-423n4/2022-03-maple", "date": "2022-03"}
+ ],
+ "governance_forum": null,
+ "voting_token": null,
+ "bug_bounty_url": null,
+ "security_contact": null,
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "upgradeable",
+ "about": "Maple is an on-chain lending protocol offering syrupUSDC/USDT (overcollateralized yield-bearing dollar deposits) and permissioned institutional secured lending pools. Users deposit stablecoins into pools that fund fixed-term or open-term loans; governance and admin functions (upgrade, pause, fees, oracle config) are centralized in the globals singleton behind a NonTransparentProxy."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "maple",
+ "slice": "verifiability",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-29",
+ "model": "grok-4",
+ "chat_url": "https://grok.com/share/c2hhcmQtNQ_3f3b210c-fc83-4693-b22f-b11534748891",
+ "grading_basis": "on-chain",
+ "grade": "orange",
+ "headline": "Bytecode verified on Etherscan for all surfaced contracts (proxies + implementations where applicable); multiple Code4rena audits but no recent recognized-firm audit covering current deployment; public GitHub repo exists",
+ "short_headline": "Verified + public repo + C4 audits",
+ "rationale": {
+ "findings": [
+ {"code": "V1", "text": "All key contracts (globals NonTransparentProxy, daoMultisig, governor/timelock, securityAdmin, globalAdmin, syrupUSDCPool, fixedTermLoanFactory) show ABI source: etherscan and are therefore verified; proxies resolve to implementations (e.g. globals proxy to 0x9BeAbb1B6F3ad1DdB87b65148BA5Eb6102334956); no unverified implementation surfaced."},
+ {"code": "V2", "text": "Public GitHub repo maple-labs/maple-core exists and matches structure of deployed contracts (factories, globals, pools); no specific commit SHA pinned or bytecode diff performed in this run."},
+ {"code": "V3", "text": "Protocol.audit_links include multiple Code4rena reports (2021-04, 2021-12, 2022-03) covering core contracts at the time; no post-2022 recognized-firm audit linked or surfaced."},
+ {"code": "V4", "text": "Auditors are Code4rena (community-driven, not in the prompt's recognized-firm list of Trail of Bits, Zellic, Spearbit, OpenZeppelin, etc.); therefore orange-at-best for green-grade audit claim."},
+ {"code": "V5", "text": "No post-audit drift analysis possible without pinned commit or recent audit; factories support upgradeInstance and version management, so deployed instances may have diverged from audited code."},
+ {"code": "V6", "text": "Globals is verified proxy with separately 
verifiable implementation; pool is direct implementation (verified); no proxy-with-unverified-impl cases surfaced."}
+ ],
+ "steelman": {
+ "red": "Only community (Code4rena) audits exist with no recent recognized-firm coverage and potential upgrade drift on factories/pools since 2022.",
+ "orange": "All contracts verified on Etherscan with public repo correspondence; audits predate current deployment by >4 years and are from non-recognized firm; upgradeable surfaces create drift risk.",
+ "green": "Bytecode fully verified on explorer for proxies and implementations; public source repo exists; multiple audits (even if dated) provide baseline coverage."
+ },
+ "verdict": "Choosing orange because while every surfaced contract is verified on Etherscan and a public GitHub repo exists, the only audits are Code4rena reports from 2021-2022 with no confirmed recent recognized-firm re-audit or drift review of the current upgradeable deployment."
+ },
+ "evidence": [
+ {"url": "https://defipunkd.com/address/1/0x804a6F5F667170F545Bf14e5DDB48C70B788390C", "shows": "ABI source: etherscan; proxy + implementation resolved; verified status implicit", "chain": "Ethereum", "address": "0x804a6F5F667170F545Bf14e5DDB48C70B788390C", "fetched_at": "2026-05-30T17:00:00Z"},
+ {"url": "https://defipunkd.com/address/1/0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b", "shows": "Direct implementation with ABI source: etherscan; verified", "chain": "Ethereum", "address": "0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b", "fetched_at": "2026-05-30T17:00:00Z"},
+ {"url": "https://defipunkd.com/address/1/0x36a7350309B2Eb30F3B908aB0154851B5ED81db0", "shows": "Factory verified on Etherscan; supports upgradeInstance and version tracking", "chain": "Ethereum", "address": "0x36a7350309B2Eb30F3B908aB0154851B5ED81db0", "fetched_at": "2026-05-30T17:00:00Z"},
+ {"url": "https://github.com/code-423n4/2021-04-maple", "shows": "Code4rena audit report for Maple (April 2021) covering core contracts", "fetched_at": 
"2026-05-30T17:00:00Z"},
+ {"url": "https://github.com/maple-labs/maple-core", "shows": "Public source repository for Maple core contracts (factories, globals, pools)", "fetched_at": "2026-05-30T17:00:00Z"}
+ ],
+ "unknowns": ["V2: exact commit SHA matching current deployed bytecode (no diff performed)", "V5: whether any post-2022 recognized-firm audit or differential review covers the current implementation and upgrade paths"],
+ "protocol_metadata": {
+ "github": ["https://github.com/maple-labs/maple-core"],
+ "docs_url": null,
+ "audits": [
+ {"firm": "Code4rena", "url": "https://github.com/code-423n4/2021-04-maple", "date": "2021-04"},
+ {"firm": "Code4rena", "url": "https://github.com/code-423n4/2021-12-maple", "date": "2021-12"},
+ {"firm": "Code4rena", "url": "https://github.com/code-423n4/2022-03-maple", "date": "2022-03"}
+ ],
+ "governance_forum": null,
+ "voting_token": null,
+ "bug_bounty_url": null,
+ "security_contact": null,
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "upgradeable",
+ "about": "Maple is an on-chain lending protocol offering syrupUSDC/USDT (overcollateralized yield-bearing dollar deposits) and permissioned institutional secured lending pools. Users deposit stablecoins into pools that fund fixed-term or open-term loans; governance and admin functions (upgrade, pause, fees, oracle config) are centralized in the globals singleton behind a NonTransparentProxy."
+ }
+ }
+]