SELFDESTRUCT reachable from non-admin path

Liquity V1 + V2 (LUSD / BOLD)'s assessment for RD-F-011 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v2 contracts (BorrowerOperations, TroveManager, StabilityPool) are non-upgradeable with constructor-based initialization. GitHub source inspection shows no selfdestruct in visible core contract code paths. v1 is 5-year battle-tested immutable with no exploit or selfdestruct finding from 3 ToB audits. No audit finding of SELFDESTRUCT in any engagement across either version.

Sources #

GitHub
Liquity v2 TroveManager.sol sourcev2 TroveManager source — no selfdestructretrieved 2026-05-16
GitHub
Liquity v2 BorrowerOperations.sol sourcev2 BorrowerOperations source — no selfdestructretrieved 2026-05-16

Methodology #

Determine whether any deployed contract contains the SELFDESTRUCT opcode in a code path reachable from a non-admin caller.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquity factor RD-F-011 score green collected_at 2026-05-16 10:35:50