delegatecall with user-controlled target

M^0's assessment for RD-F-012 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

MinterGateway uses only staticcall for rate model reads (read-only, immutable target addresses). MToken.sol: no delegatecall. No user-controlled delegatecall target found in source inspection. Governor execution path is Cat 9 scope.

Sources #

GitHub
MinterGateway.sol sourceMinterGateway.sol — staticcall pattern onlyretrieved 2026-05-16

Methodology #

Determine whether any contract uses `delegatecall` where the target address is or can be user-supplied without an on-chain allowlist.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol m0 factor RD-F-012 score green collected_at 2026-05-16 09:46:19