defirisk.co
rubric v1.7.0

UUPS _authorizeUpgrade correctly permissioned

Symbiotic's assessment for RD-F-021 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Core contracts are immutable and non-upgradeable. No UUPS pattern exists. The _authorizeUpgrade gate factor does not apply by construction. Confirmed via OperatorRegistry Etherscan source (no proxy pattern) and protocol design documentation.

Sources #

  • Etherscan
    OperatorRegistry Etherscan SourceOperatorRegistry 0xAd817a6Bc954F678451A71363f04150FDD81Af9F: no proxy pattern used, standard implementation contractretrieved 2026-05-16
  • URL
    Paradigm Symbiotic Blog PostParadigm post: Symbiotic will never have a central multisig, slashing committee, or other permissioning mechanisms; non-upgradeable coreretrieved 2026-05-16

Methodology #

Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol symbiotic factor RD-F-021 score not_applicable collected_at 2026-05-16 09:25:24