defirisk.co
rubric v1.7.0

UUPS _authorizeUpgrade correctly permissioned

Sanctum's assessment for RD-F-021 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

UUPS is an EVM proxy pattern. Solana uses BPF upgradeable loader for program upgrades. Upgrade authority for Infinity is the Sanctum Multisig. No in-program _authorizeUpgrade function exists. Not applicable.

Sources #

  • Docs
    Solana Program ModelSolana BPF upgradeable loader handles upgrades; no UUPS pattern; structurally inapplicableretrieved 2026-05-04

Methodology #

Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sanctum factor RD-F-021 score not_applicable collected_at 2026-05-04 18:49:23