delegatecall with user-controlled target

mETH Protocol's assessment for RD-F-012 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Source inspection of core staking contracts found no delegatecall with user-controlled target. The transparent proxy pattern uses admin-controlled EIP-1967 implementation slot. No user-supplied delegatecall target identified in any inspected contract.

Sources #

GitHub
Mantle LSP Contracts — delegatecall pattern inspectionmantle-lsp/contracts source inspection — no user-controlled delegatecall found in core contractsretrieved 2026-05-16

Methodology #

Determine whether any contract uses `delegatecall` where the target address is or can be user-supplied without an on-chain allowlist.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol meth-protocol factor RD-F-012 score green collected_at 2026-05-16 02:17:50