delegatecall with user-controlled target

Save (formerly Solend)'s assessment for RD-F-012 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

EVM delegatecall opcode does not exist in the Solana BPF instruction set. Structurally inapplicable to Rust/BPF programs.

Sources #

GitHub
solendprotocol/solana-program-librarySolend program is Rust/BPF — no delegatecallretrieved 2026-05-17

Methodology #

Determine whether any contract uses `delegatecall` where the target address is or can be user-supplied without an on-chain allowlist.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-012 score not_applicable collected_at 2026-05-17 15:20:15