UUPS _authorizeUpgrade correctly permissioned
Cap (cUSD / stcUSD)'s assessment for RD-F-021 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
All inspected UUPS implementation contracts implement _authorizeUpgrade() with access control: CapToken.sol (checkAccess(bytes4(0))), StakedCap.sol (checkAccess(bytes4(0))), Lender.sol (checkAccess(bytes4(0))), EigenAgentManager.sol (checkAccess pattern), SymbioticNetworkMiddleware.sol (checkAccess(bytes4(0))), OFTLockboxUpgradeable.sol (onlyOwner). All upgrade paths require authorization via the AccessControl contract chain (Timelock → dev multisig).
Sources #
- GitHubStakedCap.sol — _authorizeUpgradecontracts/token/StakedCap.sol — _authorizeUpgrade: checkAccess(bytes4(0))retrieved 2026-05-17
- CapToken.sol — _authorizeUpgradecontracts/token/CapToken.sol — _authorizeUpgrade: checkAccess(bytes4(0))retrieved 2026-05-17
- Lender.sol — _authorizeUpgradecontracts/lendingPool/Lender.sol — _authorizeUpgrade: checkAccess(bytes4(0))retrieved 2026-05-17
Methodology #
Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).
See the full factor methodology and distribution across all protocols →