★ delegatecall/call in proposal execution without allowlist
Balancer (v2 + v3)'s assessment for RD-F-039 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Balancer uses Snapshot off-chain voting with no on-chain governor or executor contract. No proposal calldata is submitted to an on-chain governor for execution. The 6-of-11 multisig enacts Snapshot votes as discrete Safe transactions. v3 internal delegatecall uses fixed immutable addresses (VaultExtension, VaultAdmin), not proposal-supplied targets. No on-chain delegatecall proposal execution attack surface exists.
Sources
- Curator note: data cache, governance section. Data cache: governor_address: null — no on-chain governor exists. Retrieved 2026-05-05.
- Balancer v3 Vault API: delegatecall to fixed immutable VaultExtension/VaultAdmin addresses. Retrieved 2026-05-05.
Methodology
Determine whether the governance executor contract uses `delegatecall` or `call` with proposal-supplied target, without enforcing an allowlist of permitted targets.
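To make the check concrete, the following is an added example, not Balancer's code and not part of the rubric, contrasting the executor pattern this factor flags with two mitigations: an allowlist of permitted targets, and the fixed-immutable delegation target that the v3 Vault evidence above describes. All contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Pattern this factor flags: the target is proposal-supplied and nothing
// constrains it, so one passed proposal can delegatecall arbitrary code
// that runs in this executor's own storage context.
contract UnrestrictedExecutor {
    address public owner = msg.sender;
    function execute(address target, bytes calldata data) external {
        require(msg.sender == owner, "not governance");
        (bool ok, ) = target.delegatecall(data); // proposal-chosen target
        require(ok, "exec failed");
    }
}

// Mitigation 1: only allowlisted targets may be called, the allowlist is
// itself a governed change, and `call` keeps the target in its own storage.
contract AllowlistedExecutor {
    address public owner = msg.sender;
    mapping(address => bool) public allowedTarget;
    function setAllowed(address target, bool allowed) external {
        require(msg.sender == owner, "not governance");
        allowedTarget[target] = allowed;
    }
    function execute(address target, bytes calldata data) external {
        require(msg.sender == owner, "not governance");
        require(allowedTarget[target], "target not allowlisted");
        (bool ok, ) = target.call(data);
        require(ok, "exec failed");
    }
}

// Mitigation 2, the shape of the v3 Vault evidence above: the delegatecall
// target is an immutable fixed at deployment, so neither a proposal nor a
// caller can choose where the executed code comes from.
contract FixedTargetDelegator {
    address public immutable extension;
    constructor(address ext) { extension = ext; }
    fallback() external payable {
        address ext = extension; // immutables cannot be read inside assembly
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), ext, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}
```

When reviewing an executor against this factor, the question is only whether the address passed to `call`/`delegatecall` can originate from proposal calldata without an enforced allowlist; a Snapshot-plus-multisig setup like Balancer's has no such executor to review.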