defirisk.co
rubric v1.7.0

delegatecall with user-controlled target

Kinetiq's assessment for RD-F-012 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No user-controlled delegatecall target found. StakingManager uses standard value-transfer calls to fixed addresses. TransparentUpgradeableProxy delegatecall target (implementation) is controlled only by ProxyAdmin, not by users.

Sources #

  • GitHub
    StakingManager.solStakingManager.sol — no delegatecall with user-controlled targetretrieved 2026-05-17

Methodology #

Determine whether any contract uses `delegatecall` where the target address is or can be user-supplied without an on-chain allowlist.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol kinetiq factor RD-F-012 score green collected_at 2026-05-17 15:29:57