defirisk.co
rubric v1.7.0

UUPS _authorizeUpgrade correctly permissioned

Lista DAO's assessment for RD-F-021 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Protocol uses TransparentUpgradeableProxy pattern, not UUPS. BscScan confirms Interaction contract (0xB6..) is a TransparentUpgradeableProxy (contract name confirmed on BscScan). Upgrade is controlled via ProxyAdmin, not _authorizeUpgrade(). F021 tests UUPS-specific risk which does not apply here.

Sources #

  • Etherscan
    BscScan Interaction Proxy ContractBscScan 0xB68443Ee3e828baD1526b3e0Bdf2Dfc6b1975ec4 — contract name: TransparentUpgradeableProxy confirmedretrieved 2026-05-12

Methodology #

Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lista-dao factor RD-F-021 score not_applicable collected_at 2026-05-12 17:54:05