★ delegatecall/call in proposal execution without allowlist

Sky Lending (formerly MakerDAO)'s assessment for RD-F-039 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

DSPause executes governance spells via delegatecall to the winning spell's usr address from DSPauseProxy. No formal on-chain target allowlist. Codehash verification enforced (tag must match extcodehash(usr)). Mitigants: 48h GSM + Protego cancellation + governance hat weight requirement. Yellow (not red) given these structural mitigants and pattern audited since 2019.

Sources #

URL
https://www.defiscan.info/protocols/sky/ethereumretrieved 2026-04-28
Docs
https://docs.makerdao.com/smart-contract-modules/governance-module/pause-detailed-documentationretrieved 2026-04-28

Methodology #

Determine whether the governance executor contract uses `delegatecall` or `call` with proposal-supplied target, without enforcing an allowlist of permitted targets.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sky-lending factor RD-F-039 score yellow collected_at 2026-04-28 00:43:18