UUPS _authorizeUpgrade correctly permissioned

QuickSwap's assessment for RD-F-021 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V2 core and V3 Algebra core (factory, pools): immutable/directly-deployed contracts, no UUPS proxy pattern. V3 periphery (SwapRouter, NonfungiblePositionManager): deployed as proxy contracts on Polygon. The upgrade authorization for these periphery proxies has not been assessed in any publicly accessible audit. Cannot determine _authorizeUpgrade restriction from remote inspection without accessing the proxy's implementation source and admin slot.

Sources #

Etherscan
QuickSwap V3 SwapRouter Proxy — PolygonscanSwapRouter deployed as proxy — implementation/admin not audited in C4retrieved 2026-05-16

Methodology #

Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol quickswap factor RD-F-021 score gray collected_at 2026-05-16 08:48:31