★ Public initialize() without initializer modifier

Aave v3's assessment for RD-F-022 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

VersionedInitializable pattern correctly applied across all Aave v3 implementation contracts. Revision counter prevents re-initialization at any version <= current revision — functionally equivalent to OZ initializer modifier. Certora FV covers initialization invariants. No unprotected initialize() found.

Detail #

T-10 noted this as the 'functional equivalent' finding and classified green. The VersionedInitializable.sol file is publicly inspectable. Methodology note surfaced in T-10 §2.3.6: 'RD-F-022 (VersionedInitializable vs _disableInitializers()) — Aave v3 pattern provides functional equivalent protection (revision tracking) but not canonical OZ; methodology should acknowledge functional equivalent middle state.'

Sources #

Internal
T-10 Aave v3 Cat 1 — RD-F-022 greenT-10 §2.3.2 RD-F-022 green finding + §2.3.6 methodology noteretrieved 2026-04-27
GitHub
https://github.com/aave-dao/aave-v3-origin/blob/main/src/contracts/misc/aave-upgradeability/VersionedInitializable.solretrieved 2026-05-06

Methodology #

Determine whether any implementation contract exposes `initialize(…)` without the OpenZeppelin `initializer` modifier or equivalent initialization lock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aave-v3 factor RD-F-022 score green collected_at 2026-04-27 23:28:46