UUPS _authorizeUpgrade correctly permissioned

ether.fi's assessment for RD-F-021 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

All sampled UUPS implementation contracts correctly implement _authorizeUpgrade(address) gated on roleRegistry.onlyProtocolUpgrader(msg.sender): LiquidityPool (line 572), EETH, WeETH (line 146), EtherFiOracle, WithdrawRequestNFT, EtherFiAdmin, NodeOperatorManager, RoleRegistry. No open or unchecked _authorizeUpgrade found across all sampled contracts.

Sources #

GitHub
LiquidityPool — _authorizeUpgrade gated on roleRegistry.onlyProtocolUpgraderLiquidityPool.sol line 572retrieved 2026-04-28
GitHub
WeETH — _authorizeUpgrade gated on roleRegistry.onlyProtocolUpgraderWeETH.sol line 146retrieved 2026-04-28

Methodology #

Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ether-fi factor RD-F-021 score green collected_at 2026-04-28 13:58:46