defirisk.co
rubric v1.7.0

Reinitializable implementation (no _disableInitializers)

Compound V3 (Comet)'s assessment for RD-F-143 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

`_disableInitializers()` is absent from compound-finance/comet (GitHub search: 0 results). Comet uses a custom guard in `initializeStorage()`: `if (lastAccrualTime != 0) revert AlreadyInitialized()`. The custom guard protects against re-running `initializeStorage()` but does not provide the OZ-standard guarantee of blocking all `reinitializer(N)` paths. If a future upgrade adds `reinitializer(2)`, the `lastAccrualTime` check would not catch it. Yellow (not red) because: (1) the custom guard was in the original 2022 OZ+ChainSecurity audited codebase and was not flagged critical; (2) it adequately covers the primary attack vector; (3) OZ reviews each upgrade.

Sources

Methodology

Determine whether the implementation contract omits the `_disableInitializers()` call in its constructor, leaving re-initialization possible.
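One way to automate this check over Solidity source text, as an added example (not defirisk.co's or Compound's code): a contract counts as locked only when `_disableInitializers()` is called inside a constructor body, and initializer-style functions are flagged otherwise. The two contracts are constructed samples, and `GuardedImpl`, `LockedImpl`, `assess` and the `initialize*` name heuristic are assumptions of this example; it matches text rather than parsing Solidity.

```python
import re

def strip_comments(src):
    """Drop /* */ and // comments so a commented-out call is not counted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def constructor_bodies(code):
    """Yield the brace-balanced body of each constructor."""
    for m in re.finditer(r"\bconstructor\s*\([^)]*\)[^{;]*\{", code):
        depth, i = 1, m.end()
        while depth and i < len(code):
            depth += {"{": 1, "}": -1}.get(code[i], 0)
            i += 1
        yield code[m.end():i - 1]

def assess(src):
    """Report the constructor lock, initializer-style functions, and the finding."""
    code = strip_comments(src)
    locked = any(re.search(r"\b_disableInitializers\s*\(\s*\)", body)
                 for body in constructor_bodies(code))
    inits = [name for name, mods in
             re.findall(r"\bfunction\s+(\w+)\s*\([^)]*\)([^{;]*)", code)
             if name.lower().startswith("initialize")
             or re.search(r"\b(?:initializer\b|reinitializer\s*\()", mods)]
    return {"locked": locked, "init_functions": inits,
            "finding": bool(inits) and not locked}

# Constructed sample: custom guard only (guard line as quoted in the evidence).
CUSTOM_GUARD = """
contract GuardedImpl {
    uint40 internal lastAccrualTime;
    error AlreadyInitialized();
    constructor(uint256 cfg) { /* _disableInitializers(); */ }
    function initializeStorage() external {
        if (lastAccrualTime != 0) revert AlreadyInitialized();
        lastAccrualTime = uint40(block.timestamp);
    }
}
"""
# Constructed sample: OpenZeppelin-style lock in the constructor.
OZ_LOCKED = """
contract LockedImpl is Initializable {
    constructor() { _disableInitializers(); }
    function initialize(address owner) external initializer { }
    function migrate() external reinitializer(2) { }
}
"""
```

A `finding` of `True` corresponds to this factor firing; whether a custom guard is enough to score yellow rather than red remains a manual judgment.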


rubric_version: v1.7.0
protocol: compound-v3
factor: RD-F-143
score: yellow
collected_at: 2026-04-28 00:20:50