UUPS _authorizeUpgrade correctly permissioned
Chainlink CCIP's assessment for RD-F-021 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No UUPS upgrade pattern used in any CCIP core contract. Router is immutable. ARM, OnRamp, OffRamp use constructor-based deployment not proxied. ARMProxy uses custom proxy (setARM() with owner control) not UUPS. ManyChainMultiSig and RBACTimelock are not upgradeable proxies. UUPS pattern is not applicable.
Sources #
- EtherscanARMProxy Etherscan — custom proxy with owner-controlled setARM()ARMProxy (0x411dE17f) — custom proxy, not UUPSretrieved 2026-05-16
- OffRamp.sol — immutable state variables set in constructor, no proxyOffRamp.sol — non-proxy, constructor-based initializationretrieved 2026-05-16
Methodology #
Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol chainlink-ccip factor RD-F-021 score not_applicable collected_at 2026-05-16 01:55:09