defirisk.co
rubric v1.7.0

Reinitializable implementation (no _disableInitializers)

Frax Finance's assessment for RD-F-143 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

frxUSD implementation (0x0000000048d2c8baf31742f6765383278bada4d5): Etherscan source shows bare constructor() {} with no _disableInitializers() call. Implementation can be initialized directly, bypassing the proxy — reinit risk on the implementation itself. sfrxETH 0xac3E0184 is immutable (not a proxy) — no reinit risk. FRAX token is immutable. frx-OFT-upgradeable implementations: _disableInitializers() status unconfirmed. Primary risk surface is frxUSD implementation.

Sources #

  • Etherscan
    sfrxETH | EtherscansfrxETH 0xac3E0184 — Proxy Contract: None (immutable, no reinit risk)retrieved 2026-05-17
  • Etherscan
    FrxUSD Implementation | EtherscanfrxUSD impl 0x0000000048d2c8 source code: constructor() { } — no _disableInitializers() call presentretrieved 2026-05-17

Methodology #

Determine whether the implementation contract does not call `_disableInitializers()` in its constructor, leaving re-initialization possible.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol frax factor RD-F-143 score yellow collected_at 2026-05-16 20:44:31