Constructor calls _disableInitializers()

Aave v3's assessment for RD-F-023 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Aave v3 uses VersionedInitializable (revision-based guard) rather than OZ's _disableInitializers(). The revision mechanism prevents re-initialization at lower versions but is not the canonical pattern. T-10 noted 'VersionedInitializable correctly used but has historic reinitializer-footgun potential — not triggered.'

Sources #

GitHub
https://github.com/aave-dao/aave-v3-origin/blob/main/src/contracts/misc/aave-upgradeability/VersionedInitializable.solretrieved 2026-05-06

Methodology #

Determine whether implementation contract constructors call `_disableInitializers()` to prevent re-initialization of the implementation directly.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aave-v3 factor RD-F-023 score yellow collected_at 2026-04-27 23:28:46