★ Reinitializable implementation (no _disableInitializers)
Lombard Finance's assessment for RD-F-143 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Current LBTC proxy implementation 0x072072317469ebb6c340a47e41561c9c3b782bd9 (StakedLBTC, deployed 2026-04-24): Etherscan ABI shows empty constructor {inputs:[], stateMutability:nonpayable} with no confirmed _disableInitializers() call. BridgeV2 and older LBTC impl both confirmed to include _disableInitializers(). Inconsistency warrants yellow pending code-security-analyst static analysis. If _disableInitializers() confirmed absent in current impl -> [CRITICAL] red.
Sources #
- GitHubhttps://github.com/lombard-finance/evm-smart-contracts/blob/main/contracts/bridge/BridgeV2.solretrieved 2026-05-05
- https://etherscan.io/address/0x072072317469ebb6c340a47e41561c9c3b782bd9#coderetrieved 2026-05-05
Methodology #
Determine whether the implementation contract does not call `_disableInitializers()` in its constructor, leaving re-initialization possible.
See the full factor methodology and distribution across all protocols →