Arbitrary call with user-controlled target

EigenLayer's assessment for RD-F-013 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No published audit finding identifies arbitrary call-with-user-controlled-target in EigenLayer core contracts. StrategyManager calls only whitelisted strategy contracts. No open call-with-user-data pattern found in published analysis. Needs tool run for programmatic confirmation on deployed bytecode.

Sources #

GitHub
EigenLayer README — architectureLayr-Labs/eigenlayer-contracts/blob/main/README.md — architecture descriptionretrieved 2026-04-28

Methodology #

Determine whether any contract performs `.call(target, data)` where target and/or data is user-supplied without a target allowlist or selector filter.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol eigenlayer factor RD-F-013 score green collected_at 2026-04-28 13:58:44