★ delegatecall/call in proposal execution without allowlist

Babylon Protocol's assessment for RD-F-039 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cosmos SDK governance executes typed Protobuf messages through the module router (MsgUpdateParams, MsgSoftwareUpgrade, etc.). No EVM-style delegatecall or arbitrary call(target, calldata) in governance execution. Each proposal type maps to a typed handler routed to the relevant module keeper. No user-supplied target address, no delegatecall attack surface in Cosmos SDK governance architecture.

Sources #

GitHub
Babylon Genesis Chain — Custom ModulesBabylon x/ modules use typed Cosmos SDK message routing — no delegatecallretrieved 2026-05-04

Methodology #

Determine whether the governance executor contract uses `delegatecall` or `call` with proposal-supplied target, without enforcing an allowlist of permitted targets.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol babylon-protocol factor RD-F-039 score green collected_at 2026-05-04 19:43:27