defirisk.co
rubric v1.7.0

UUPS _authorizeUpgrade correctly permissioned

Uniswap (v2 + v3)'s assessment for RD-F-021 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

V2 and V3 core contracts are immutable (not UUPS proxies). No _authorizeUpgrade function exists. UniversalRouter and Permit2 are also non-upgradeable. GovernorBravoDelegator uses an EIP-897 delegate proxy for governance logic and is not a UUPS-upgradeable AMM contract. Not applicable.

Detail

The UUPS _authorizeUpgrade pattern is relevant only for contracts using the OpenZeppelin UUPS upgradeable proxy pattern. Neither V2 nor V3 core contracts use this pattern. The GovernorBravoDelegator (0x408ED6...) uses an EIP-897 non-upgradeable delegate proxy for governance implementation switching — this is a governance pattern, not a UUPS proxy over TVL-holding contracts.

Methodology

Determine whether the UUPS implementation defines `_authorizeUpgrade(address)` restricted to owner/admin/timelock (not open to arbitrary callers).


rubric_version: v1.7.0
protocol: uniswap
factor: RD-F-021
score: not_applicable
collected_at: 2026-05-12 10:36:11