defirisk.co
rubric v1.7.0

delegatecall with user-controlled target

Symbiotic's assessment for RD-F-012 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No published evidence of delegatecall with user-controlled target in Symbiotic core contracts. The protocol is a coordination layer (registries, opt-in services) not an execution framework. No audit findings cited this vector. No static analysis tool output available.

Sources #

  • Internal
    Symbiotic Data Cache - Static Analysis.research/protocols/symbiotic/00-data-cache.json: static_analysis=[]retrieved 2026-05-16

Methodology #

Determine whether any contract uses `delegatecall` where the target address is or can be user-supplied without an on-chain allowlist.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol symbiotic factor RD-F-012 score gray collected_at 2026-05-16 09:25:24