delegatecall with user-controlled target
StakeWise v3's assessment for RD-F-012 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No user-controlled delegatecall finding reported across 8 audit engagements. UUPS proxy upgrade target is admin-controlled via Ownable. Cannot run Slither locally.
Sources #
- AuditStakeWise v3-core audits directory — no delegatecall-user-controlled findingAbsence of user-controlled delegatecall finding across 8 audit engagementsretrieved 2026-05-16
Methodology #
Determine whether any contract uses `delegatecall` where the target address is or can be user-supplied without an on-chain allowlist.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol stakewise factor RD-F-012 score green collected_at 2026-05-16 01:03:28