★ delegatecall/call in proposal execution without allowlist

Euler V2's assessment for RD-F-039 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

EUL DAO TimelockController uses call() not delegatecall() for proposal execution. No target allowlist exists — any address can be a proposal target. Timelock delay (48h) and Security Council CANCELLER_ROLE provide soft protection. call() without allowlist means malicious proposals can call arbitrary external contracts. Lower severity than delegatecall but no allowlist.

Sources #

GitHub
EUL TimelockController — call() execution, no target allowlisteuler-xyz/euler-governance/blob/master/contracts/governance/TimelockController.solretrieved 2026-05-04
Docs
Euler Pause & Upgrade — CANCELLER_ROLE (Security Council + DAO)docs.euler.finance/security/pause-and-upgrade/retrieved 2026-05-04

Methodology #

Determine whether the governance executor contract uses `delegatecall` or `call` with proposal-supplied target, without enforcing an allowlist of permitted targets.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol euler-v2 factor RD-F-039 score yellow collected_at 2026-05-04 19:56:06