Audit recency

BENQI's assessment for RD-F-002 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

For the highest-risk component (core lending Comptroller and qiToken markets), the most recent audit covering that bytecode is Halborn May 2021 — approximately 1826 days prior to 2026-05-16, far exceeding the 730-day red threshold. The newer audits (Cyfrin Jan 2025 = 120 days, Chaos Labs May 2025 = 0 days, Zellic oracle) cover peripheral or separate components (Ignite, oracle), NOT the core Comptroller/qiToken lending bytecode. sAVAX Certora April 2022 = approximately 1492 days — also red. The core money-market bytecode has had no re-audit in >4 years despite ongoing TVL of $277M.

Sources #

Audit
BENQI Smart Contract Security Audit — Halborn v1.1 (May 2021)Halborn May 2021 = most recent audit of core lending bytecode; ~1826 days before 2026-05-16retrieved 2026-05-16
Docs
BENQI Risks & AuditsBENQI risks page lists 10 audit engagements; none cover the post-2021 core Comptroller/qiToken bytecoderetrieved 2026-05-16

Methodology #

Measure the number of days between today and the sign-off date of the most recent audit report covering the currently-deployed bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol benqi factor RD-F-002 score red collected_at 2026-05-16 11:02:12