P11 / GOVERNANCE AUDIT
Drift Three-Question Screen
Three questions predict the Drift attack profile. Three yes answers means the protocol could be drained the same way Drift was. Run this on every protocol in your portfolio monthly.
Q1
Can an admin assign an arbitrary oracle to a new collateral market without governance vote?
Drift could. It is how the CVT spoof token attack worked.
Q2
Is the timelock less than 48 hours?
Drift had zero timelock. That is the worst case.
Q3
Is the multisig 2 of 5 or below?
Compromise of 2 keys takes the protocol. Drift had this exact configuration.