defirisk.co
rubric v1.7.0

delegatecall with user-controlled target

Falcon Finance's assessment for RD-F-012 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Closed-source, so no Slither controlled-delegatecall detector output is available. TransparentUpgradeableProxy uses delegatecall internally, but with an admin-controlled target. Peripheral and post-TGE contracts cannot be verified.

Detail

USDf and sUSDf proxies use TransparentUpgradeableProxy (EIP-1967) — delegatecall is used internally but the target is the admin-controlled implementation address, not user-supplied. Standard pattern. Post-TGE contracts (sFF-Prime, FF Staking Vault) cannot be verified due to closed source. Cannot confirm absence of user-controlled delegatecall in all deployed contracts.

Sources

  • Etherscan: USDf Proxy. Note: USDf proxy is a TransparentUpgradeableProxy (EIP-1967); delegatecall target is admin-controlled. Retrieved 2026-05-12.

Methodology

Determine whether any contract uses `delegatecall` where the target address is or can be user-supplied without an on-chain allowlist.
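As an added illustration of this check (hypothetical contracts written for this page, not Falcon Finance's code and not a reproduction of the audited proxies), the snippet below contrasts the pattern the factor flags with the admin-controlled EIP-1967 slot plus on-chain allowlist that satisfies it:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Pattern the methodology flags (hypothetical, not Falcon Finance code): the
// delegatecall target comes from calldata, so any caller runs arbitrary code
// in this contract's storage context.
contract UserControlledTarget {
    function execute(address target, bytes calldata data) external {
        (bool ok, ) = target.delegatecall(data); // target is user-supplied
        require(ok, "delegatecall failed");
    }
}

// Hardened form: the target is read from the EIP-1967 implementation slot,
// which only the admin can write, and only from an on-chain allowlist.
contract AllowlistedProxy {
    // keccak256("eip1967.proxy.implementation") - 1, per EIP-1967
    bytes32 private constant _IMPL_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
    address public immutable admin;
    mapping(address => bool) public allowed;

    constructor() { admin = msg.sender; }

    function allow(address impl) external {
        require(msg.sender == admin, "not admin");
        require(impl.code.length > 0, "not a contract");
        allowed[impl] = true;
    }

    function upgradeTo(address impl) external {
        require(msg.sender == admin, "not admin");
        require(allowed[impl], "implementation not allowlisted");
        bytes32 slot = _IMPL_SLOT;
        assembly { sstore(slot, impl) }
    }

    // Callers choose only the selector and arguments forwarded to the fixed
    // implementation; the delegatecall target never comes from calldata.
    fallback() external payable {
        bytes32 slot = _IMPL_SLOT;
        address impl;
        assembly { impl := sload(slot) }
        require(impl != address(0), "no implementation");
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            if iszero(ok) { revert(0, returndatasize()) }
            return(0, returndatasize())
        }
    }
}
```

A static check such as Slither's controlled-delegatecall detector reports the first contract and not the second, which is the output the evidence summary notes is unavailable for closed-source deployments.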


rubric_version: v1.7.0
protocol: falcon-finance
factor: RD-F-012
score: gray
collected_at: 2026-05-12 04:06:37