defirisk.co
rubric v1.7.0

Public initialize() without initializer modifier

Ethena's assessment for RD-F-022 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

All four core contracts use constructor-based initialization. USDe: constructor(address admin). EthenaMinting V2: constructor(IUSDe _usde, IWETH9 _weth, address[] _assets, ...). StakedUSDeV2: constructor(IERC20 _asset, address initialRewarder, address owner). ENA: constructor-based. No initialize() function on any implementation contract. One-tx exploit vector does not exist.

Sources #

  • Etherscan
    StakedUSDeV2 EtherscanStakedUSDeV2 Etherscan — constructor-basedretrieved 2026-04-28
  • GitHub
    USDe.solUSDe.sol — constructor pattern, no initializeretrieved 2026-04-28
  • Etherscan
    EthenaMinting V2 EtherscanEthenaMinting V2 Etherscan — constructor-basedretrieved 2026-04-28
  • Etherscan
    USDe EtherscanUSDe Etherscan — constructor-based, no initialize()retrieved 2026-04-28

Methodology #

Determine whether any implementation contract exposes `initialize(…)` without the OpenZeppelin `initializer` modifier or equivalent initialization lock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ethena factor RD-F-022 score green collected_at 2026-04-28 13:58:51