UUPS _authorizeUpgrade correctly permissioned

M^0's assessment for RD-F-021 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Core contracts are immutable — no proxy/upgrade. SwapFacility uses TransparentUpgradeableProxy (no _authorizeUpgrade needed — ProxyAdmin restricts upgrades). HubPortal (ERC1967/UUPS) should define _authorizeUpgrade restriction in implementation. Covered by M-Portal and M-Extensions audits but implementation source not directly inspected for this factor.

Sources #

Etherscan
SwapFacility Proxy EtherscanSwapFacility proxy Etherscan — TransparentUpgradeableProxyretrieved 2026-05-16
Etherscan
HubPortal Proxy EtherscanHubPortal proxy Etherscan — ERC1967/UUPS patternretrieved 2026-05-16

Methodology #

Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol m0 factor RD-F-021 score yellow collected_at 2026-05-16 09:46:19