★ Public initialize() without initializer modifier

Polymarket's assessment for RD-F-022 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No unprotected initialize() found. CTFExchange V1/V2 use constructors (non-upgradeable). pUSD implementation has initialize(address) with initializer modifier AND _disableInitializers() in constructor. No F022 vulnerability present.

Sources #

Etherscan
pUSD CollateralToken implementation — properly guarded initialize()pUSD implementation: initialize(address _owner) external initializer; constructor: _disableInitializers()retrieved 2026-04-29
GitHub
CTF Exchange V2 — non-upgradeable, no initialize()ctf-exchange-v2 CTFExchange.sol — constructor pattern, no initialize()retrieved 2026-04-29

Methodology #

Determine whether any implementation contract exposes `initialize(…)` without the OpenZeppelin `initializer` modifier or equivalent initialization lock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-022 score green collected_at 2026-04-29 16:25:39