defirisk.co
rubric v1.7.0

delegatecall/call in proposal execution without allowlist

Ethena's assessment for RD-F-039 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No on-chain Governor or proposal executor contract exists. No proposal execution path with delegatecall or arbitrary call. Governance is Snapshot-only off-chain signal; execution is manual multisig signing. No delegatecall-in-proposal risk applies by construction.

Sources #

  • Curator note
    Data cache: governance.timelock_address null, governance.type snapshot_only.research/protocols/ethena/00-data-cache.jsonretrieved 2026-04-28

Methodology #

Determine whether the governance executor contract uses `delegatecall` or `call` with proposal-supplied target, without enforcing an allowlist of permitted targets.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ethena factor RD-F-039 score not_assessed collected_at 2026-04-28 13:58:51