defirisk.co
rubric v1.7.0

Reinitializable implementation (no _disableInitializers)

Save (formerly Solend)'s assessment for RD-F-143 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Solana BPF programs do not use EVM proxy patterns, _disableInitializers(), or OpenZeppelin Initializable. BPFLoaderUpgradeable replaces entire program bytecode directly, not via implementation+proxy+initializer. The reinitializer attack vector (taking over an unprotected proxy implementation) is structurally inapplicable to this Solana-native program.

Sources #

  • Internal
    SOLANA_GOVERNANCE.md — BPFLoaderUpgradeable upgrade mechanismSOLANA_GOVERNANCE.md — BPFLoaderUpgradeable vs EVM proxy; process-learnings.md §Solana pre-marks (F143 N/A for Solana substrate)retrieved 2026-05-17
  • Internal
    Save profile — Solana substrate EVM N/A flags.research/protocols/save/00-profile.md §11 [SOLANA SUBSTRATE — EVM factors N/A] — F143 structurally inapplicableretrieved 2026-05-17

Methodology #

Determine whether the implementation contract does not call `_disableInitializers()` in its constructor, leaving re-initialization possible.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-143 score not_applicable collected_at 2026-05-17 15:20:15