★ Public initialize() without initializer modifier

Ondo Finance's assessment for RD-F-022 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

USDY.sol uses OZ `initializer` modifier on initialize() and calls `_disableInitializers()` in constructor (confirmed via GitHub). OUSG implementation confirms OZ Initializable pattern. No unprotected initialize() found on live implementations.

Sources #

GitHub
https://github.com/ondoprotocol/usdy/blob/main/contracts/usdy/USDY.solretrieved 2026-04-28
Audit
https://code4rena.com/reports/2023-09-ondo/retrieved 2026-04-28
Etherscan
https://etherscan.io/address/0x1CEB44b6E515ABF009e0CCb6DDAfd723886CF3Ffretrieved 2026-04-28

Methodology #

Determine whether any implementation contract exposes `initialize(…)` without the OpenZeppelin `initializer` modifier or equivalent initialization lock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ondo-finance factor RD-F-022 score green collected_at 2026-05-14 12:01:55