★ Public initialize() without initializer modifier
Stargate Finance's assessment for RD-F-022 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Source inspection of all core contracts confirms no `initialize()` function exists in any inspected contract (StargatePool.sol, StargateBase.sol, StargateOFT.sol, StargateOFTAlt.sol, TokenMessaging.sol, StargateMultiRewarder.sol). Architecture is non-upgradeable constructor-based. This attack surface does not exist for Stargate v2.
Sources #
- Curator noteExtracted from 01-code-security.md — RD-F-022 finding; no URL cited in originalretrieved 2026-04-28
Methodology #
Determine whether any implementation contract exposes `initialize(…)` without the OpenZeppelin `initializer` modifier or equivalent initialization lock.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol stargate factor RD-F-022 score green collected_at 2026-04-28 01:38:41