CREATE2 factory permits same-address redeploy

SUNSwap (sun.io)'s assessment for RD-F-144 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No custom permissionless CREATE2 factory identified. V3 pool deployment uses UniswapV3PoolDeployer.sol (controlled by factory, not permissionless). V4 uses singleton PoolManager — pools are not separately deployed. No CREATE2 redeploy vulnerability surface identified.

Sources #

GitHub
SUNSwap V3 — factory-controlled pool deploymentsunswap-v3-contracts: UniswapV3PoolDeployer.sol (factory-controlled, not permissionless CREATE2); V4 singleton architectureretrieved 2026-05-17

Methodology #

Determine whether a CREATE2 factory deployment allows redeployment to the same address with different bytecode (via selfdestruct + redeploy pattern).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sunswap factor RD-F-144 score green collected_at 2026-05-17 14:37:31