★ Public initialize() without initializer modifier

Pendle Finance's assessment for RD-F-022 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

VotingEscrowPendleMainchain uses initializer modifier in constructor. Market Factory V3 uses BoringOwnableUpgradeable with Initializable. Router action contracts are diamond facets with no separate initialize() needed. No evidence of unprotected public initialize() on any live implementation. Tree inspection found only PendleCrossChainOracleBaseApp_Init.sol with initialize in name (cross-chain helper, not core market).

Sources #

Etherscan
Pendle Market Factory V3 (BoringOwnableUpgradeable)Market Factory V3 Etherscan — BoringOwnableUpgradeableretrieved 2026-04-29
GitHub
VotingEscrowPendleMainchain.sol (initializer modifier in constructor)VotingEscrowPendleMainchain.sol — initializer modifier confirmedretrieved 2026-04-29

Methodology #

Determine whether any implementation contract exposes `initialize(…)` without the OpenZeppelin `initializer` modifier or equivalent initialization lock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pendle factor RD-F-022 score green collected_at 2026-04-28 21:09:40