UUPS _authorizeUpgrade correctly permissioned

Yearn Finance's assessment for RD-F-021 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Yearn V3 does not use UUPS proxy pattern. VaultFactory deploys minimal proxies with immutable implementations per version. No _authorizeUpgrade function exists. V2 vaults are also not UUPS. Factor is architecturally not applicable for Vyper-based non-UUPS vault systems.

Sources #

URL
Yearn V3 contracts — VaultFactory create2 minimal proxy, not UUPSYearn V3 VaultFactory architecture — not UUPSretrieved 2026-05-16

Methodology #

Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol yearn-finance factor RD-F-021 score not_applicable collected_at 2026-05-16 08:34:32