★ Reinitializable implementation (no _disableInitializers)
Sanctum's assessment for RD-F-143 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Sanctum programs are Solana BPF/Anchor programs, not EVM proxy contracts. The _disableInitializers() OpenZeppelin pattern does not apply. Anchor's #[account(init)] constraint prevents double-initialization of data accounts. The EVM proxy re-initialization attack vector does not exist on Solana.
Sources #
- DocsSolana program model — not EVM proxySolana/Anchor program model: no EVM proxy pattern; account init constraints prevent re-initializationretrieved 2026-05-04
Methodology #
Determine whether the implementation contract does not call `_disableInitializers()` in its constructor, leaving re-initialization possible.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol sanctum factor RD-F-143 score not_applicable collected_at 2026-05-04 18:49:23