★ delegatecall/call in proposal execution without allowlist

EigenLayer's assessment for RD-F-039 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No Governor Bravo-style arbitrary calldata executor exists. Governance operates through Protocol Council multisig signing specific on-chain transactions to known contract targets via the primary timelock. No delegatecall-to-user-supplied-target pattern found. Note: zero-delay timelock (0xC06F...) could theoretically relay arbitrary calls — flagged to code-security-analyst for deeper review.

Sources #

Etherscan
https://etherscan.io/address/0xA6Db1A8C5a981d1536266D2a393c5F8dDb210EAF#readContractretrieved 2026-05-06
URL
https://docs.eigenfoundation.org/protocol-governance/elip-processretrieved 2026-04-28

Methodology #

Determine whether the governance executor contract uses `delegatecall` or `call` with proposal-supplied target, without enforcing an allowlist of permitted targets.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol eigenlayer factor RD-F-039 score green collected_at 2026-04-28 13:58:44