★ Public initialize() without initializer modifier

Liquid Collective (LsETH)'s assessment for RD-F-022 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Custom Initializable.sol constructor sets Version.set(type(uint256).max) locking all implementation contracts against re-initialization — equivalent to OZ _disableInitializers(). All initXxxV1() functions use external init(n) modifier that checks and increments version atomically preventing re-use. No unprotected public initialize() found across River.1.sol, Oracle.1.sol, RedeemManager.1.sol, OperatorsRegistry.1.sol, CoverageFund.1.sol, ELFeeRecipient.1.sol, Withdraw.1.sol, Allowlist.1.sol.

Sources #

GitHub
Initializable.sol — Liquid Collective custom init guardInitializable.sol — constructor sets Version to type(uint256).maxretrieved 2026-05-17
GitHub
River.1.sol — versioned init patternRiver.1.sol — initRiverV1 uses external init(0) modifierretrieved 2026-05-17

Methodology #

Determine whether any implementation contract exposes `initialize(…)` without the OpenZeppelin `initializer` modifier or equivalent initialization lock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquid-collective factor RD-F-022 score green collected_at 2026-05-16 19:46:23