UUPS _authorizeUpgrade correctly permissioned

Falcon Finance's assessment for RD-F-021 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

USDf, sUSDf, and sFF all use TransparentUpgradeableProxy (EIP-1967), not UUPS. UUPS _authorizeUpgrade factor is N/A for Transparent proxy pattern.

Detail #

USDf proxy and sUSDf proxy are TransparentUpgradeableProxy (EIP-1967) as confirmed by Etherscan. sFF proxy (deployed Sep 29 2025) is also TransparentUpgradeableProxy confirmed on Etherscan. With Transparent proxy pattern, upgrades are controlled by the ProxyAdmin calling upgradeToAndCall() — no _authorizeUpgrade() function exists in the implementation. Factor is N/A.

Sources #

Etherscan
USDf Proxy — EtherscanUSDf proxy: TransparentUpgradeableProxy EIP-1967retrieved 2026-05-12
Etherscan
sFF Token Proxy — EtherscansFF proxy: TransparentUpgradeableProxy deployed Sep 29 2025retrieved 2026-05-12

Methodology #

Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol falcon-finance factor RD-F-021 score not_applicable collected_at 2026-05-12 04:06:37