defirisk.co
rubric v1.7.0

UUPS _authorizeUpgrade correctly permissioned

Circle USYC's assessment for RD-F-021 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

YieldCoin implementation uses the UUPS pattern, with `_authorizeUpgrade` delegating to a RolesAuthority contract (0x902D906b8d988092213bE799B18Bd2cbd64F808C). It is not open to arbitrary callers: role-based access control gates upgrades. However, the RolesAuthority is itself an upgradeable proxy, last upgraded 2025-11-20, and upgrade authority over the RolesAuthority appears to be held by the Hashnote Deployer EOA with no observed timelock. The function itself is not misconfigured (it is not open), but delegating authorization to an upgradeable proxy that has no timelock is what makes this a nuanced yellow.

Sources #

Methodology #

Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).
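As an added illustration of the check this factor performs (example code, not code from Circle USYC, Hashnote, or defirisk.co), the Solidity below contrasts an open `_authorizeUpgrade` with one that delegates to an external authority in the way the evidence summary describes. `IAuthority` is an assumed Solmate-style interface with a `canCall` view, and both contract names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// OpenZeppelin upgradeable primitives (real package paths).
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

/// Assumed minimal authority interface in the Solmate RolesAuthority style.
/// This is an illustration, not the ABI of the protocol's actual authority contract.
interface IAuthority {
    function canCall(address user, address target, bytes4 functionSig) external view returns (bool);
}

/// Hypothetical vault showing the misconfiguration the factor screens for:
/// the override is empty, so any caller can replace the implementation.
contract OpenUpgradeVault is Initializable, UUPSUpgradeable {
    function initialize() external initializer {
        __UUPSUpgradeable_init();
    }

    // RED: no access check at all, upgrade is open to arbitrary callers.
    function _authorizeUpgrade(address) internal override {}
}

/// Hypothetical vault that gates upgrades through an external authority,
/// the shape described in the evidence summary for YieldCoin.
contract GatedUpgradeVault is Initializable, UUPSUpgradeable {
    IAuthority public authority;

    error Unauthorized(address caller);

    // Prevent the logic contract itself from being initialized.
    constructor() {
        _disableInitializers();
    }

    function initialize(IAuthority authority_) external initializer {
        __UUPSUpgradeable_init();
        authority = authority_;
    }

    // GREEN/YELLOW: only callers the authority approves for upgradeToAndCall
    // may change the implementation. Whether this is green or yellow depends
    // on what sits behind `authority`: if the authority is itself an
    // upgradeable proxy whose admin is a bare EOA with no timelock, the
    // effective upgrade control collapses to that EOA.
    function _authorizeUpgrade(address) internal view override {
        bytes4 sig = UUPSUpgradeable.upgradeToAndCall.selector;
        if (!authority.canCall(msg.sender, address(this), sig)) {
            revert Unauthorized(msg.sender);
        }
    }
}
```

When applying the methodology to a deployed contract, the override body is only the first hop: a reviewer also resolves what the gate delegates to (an owner EOA, a multisig, a timelock, or, as here, a roles contract), and then asks whether that delegated-to contract can itself be upgraded or reconfigured without a delay. The second hop is what distinguishes "correctly permissioned" from "permissioned, but ultimately controlled by one key".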


rubric_version: v1.7.0
protocol: circle-usyc
factor: RD-F-021
score: yellow
collected_at: 2026-05-15 21:56:43