delegatecall with user-controlled target

Kamino Lend's assessment for RD-F-012 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

EVM delegatecall opcode does not exist in Solana BPF. Anchor uses CPIs with explicit program IDs. Factor N/A.

No delegatecall equivalent exists in Solana. Cross-Program Invocations (CPIs) require explicit program accounts in the instruction context.

Determine whether any contract uses `delegatecall` where the target address is or can be user-supplied without an on-chain allowlist.

rubric_version v1.7.0 protocol kamino-lend factor RD-F-012 score not_applicable collected_at 2026-04-30 21:19:16