UUPS _authorizeUpgrade correctly permissioned

Lombard Finance's assessment for RD-F-021 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Lombard uses TransparentUpgradeableProxy pattern (not UUPS) for all proxy contracts: LBTC, Consortium, BridgeV2. With Transparent proxy, the upgrade path is via the ProxyAdmin calling upgradeToAndCall() — there is no _authorizeUpgrade() function to protect. The UUPS authorization check factor is N/A for Transparent proxy pattern.

Sources #

Etherscan
BridgeV2 Proxy EtherscanBridgeV2 proxy: TransparentUpgradeableProxyretrieved 2026-05-05
Etherscan
LBTC Proxy Etherscan — TransparentUpgradeableProxyLBTC proxy: TransparentUpgradeableProxy EIP-1967retrieved 2026-05-05

Methodology #

Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lombard factor RD-F-021 score not_applicable collected_at 2026-05-05 12:03:08