UUPS _authorizeUpgrade correctly permissioned

Axelar Network's assessment for RD-F-021 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

AxelarGateway does not use the UUPS pattern; no _authorizeUpgrade function exists. Custom proxy upgrade is gated by onlyGovernance. The Upgradable.sol base restricts upgrade() to onlyOwner with contractId and code-hash validation. No open or permissionless upgrade path found.

Sources #

GitHub
Upgradable.sol - Upgrade Access ControlUpgradable.sol: upgrade() function external override onlyOwner with identity checksretrieved 2026-05-17

Methodology #

Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol axelar factor RD-F-021 score green collected_at 2026-05-16 21:57:49