UUPS _authorizeUpgrade correctly permissioned
BENQI's assessment for RD-F-021 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Neither the Compound V2 lending contracts nor StakedAvax uses the UUPS pattern. The lending Comptroller uses Unitroller delegatecall proxy with admin-gated _setImplementation (not UUPS). StakedAvax uses OZ TransparentUpgradeableProxy / AccessControlUpgradeable pattern (not UUPS _authorizeUpgrade). Factor is not applicable to the deployed architecture.
Sources #
- GitHubQiErc20Delegator.sol — non-UUPS patternQiErc20Delegator.sol — admin-gated _setImplementation, not UUPS patternretrieved 2026-05-16
Methodology #
Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol benqi factor RD-F-021 score not_applicable collected_at 2026-05-16 11:02:12