UUPS _authorizeUpgrade correctly permissioned

Veda (BoringVault)'s assessment for RD-F-021 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Not applicable in the UUPS sense — BoringVault, AccountantWithRateProviders, AccountantWithFixedRate, ManagerWithMerkleVerification, and LayerZeroTeller are all immutable non-proxy contracts. No UUPS _authorizeUpgrade function exists because the architecture deliberately avoids upgradeable proxies. Score green (N/A-equivalent: factor moot, no UUPS pattern present).

Sources #

GitHub
BoringVault.sol — immutable, no UUPSBoringVault.sol — constructor-initialized, no proxy pattern, no _authorizeUpgraderetrieved 2026-05-17

Methodology #

Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-021 score green collected_at 2026-05-17 12:41:22