★ Reinitializable implementation (no _disableInitializers)
Superstate's assessment for RD-F-143 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
[STAR in scope] The current SuperstateToken.sol (GitHub main branch) calls `_disableInitializers()` in the constructor: `constructor() { MINIMUM_ACCEPTABLE_PRICE = 7 * (10 ** uint256(DECIMALS)); _disableInitializers(); }`. This prevents direct initialization of the implementation contract. Earlier deployed versions (0xADE87e81) were also confirmed to have `_disableInitializers()`. No reinitializer vulnerability was identified in deployed code.
Sources
- Etherscan: Prior USTB Implementation - `_disableInitializers()` Confirmed. SuperstateToken implementation 0xADE87e81dc2c6bbf53093b9a2c2543a2666BB1C0: `_disableInitializers()` confirmed in constructor via Etherscan code tab. Retrieved 2026-05-16.
- SuperstateToken.sol - `_disableInitializers()` in Constructor. SuperstateToken.sol constructor: `MINIMUM_ACCEPTABLE_PRICE = 7 * (10 ** uint256(DECIMALS)); _disableInitializers();` - confirmed in GitHub main branch. Retrieved 2026-05-16.
Methodology
Determine whether the implementation contract omits the `_disableInitializers()` call in its constructor, leaving re-initialization possible.