delegatecall with user-controlled target

Babylon Protocol's assessment for RD-F-012 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

EVM delegatecall opcode does not exist in Go (Cosmos SDK) or Rust (CosmWasm) execution contexts. Factor is structurally inapplicable. The analogous CosmWasm SubMsg pattern uses typed Rust messages, not arbitrary calldata. No evidence of uncontrolled SubMsg with user-supplied contract addresses in cosmos-bsn-contracts.

Sources #

Docs
Babylon x/btcstaking moduleCosmos SDK architecture (keeper-based, no delegatecall)retrieved 2026-05-04

Methodology #

Determine whether any contract uses `delegatecall` where the target address is or can be user-supplied without an on-chain allowlist.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol babylon-protocol factor RD-F-012 score not_applicable collected_at 2026-05-04 19:43:27