SELFDESTRUCT reachable from non-admin path
BENQI's assessment for RD-F-011 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
SELFDESTRUCT is not a standard Compound V2 pattern. Source inspection of QiErc20Delegate.sol and Comptroller.sol confirms no SELFDESTRUCT opcode in the functions reviewed. The sAVAX contract StakedAvax.sol uses the OpenZeppelin (OZ) upgradeable pattern with no SELFDESTRUCT. However, absence cannot be formally confirmed across all deployed contracts (especially the Isolated Markets private repo) without a tool run. Yellow is scored on the inability to affirmatively confirm via tool evidence: the probability is low given the architecture, but green requires positive tool confirmation.
Sources
- StakedAvax.sol — BENQI GitHub. StakedAvax.sol source review — OZ upgradeable, no SELFDESTRUCT. Retrieved 2026-05-16.
- QiErc20Delegate.sol — BENQI GitHub. QiErc20Delegate.sol source review — no SELFDESTRUCT identified. Retrieved 2026-05-16.
Methodology
Determine whether any deployed contract contains the SELFDESTRUCT opcode in a code path reachable from a non-admin caller.
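A first-pass version of the tool check this methodology calls for, as an added example (not BENQI's or the rubric's own tooling): a linear sweep over runtime bytecode that skips PUSH immediates and the trailing solc metadata, so data bytes equal to 0xff are not counted as SELFDESTRUCT. The function names and hex inputs are constructed for illustration; a hit, or a DELEGATECALL/CALLCODE into other code, is a lead for reachability review and not a finding by itself.

```python
# Added example: opcode-aware scan of EVM runtime bytecode.
# Assumption: input is runtime bytecode as hex (e.g. from eth_getCode).
PUSH1, PUSH32 = 0x60, 0x7F
WATCHED = {0xFF: "SELFDESTRUCT", 0xF4: "DELEGATECALL", 0xF2: "CALLCODE"}


def strip_solc_metadata(code: bytes) -> bytes:
    """Drop the CBOR metadata trailer solc appends (last 2 bytes = its length)."""
    if len(code) < 2:
        return code
    n = int.from_bytes(code[-2:], "big")
    start = len(code) - 2 - n
    # CBOR major type 5 (map) marks a plausible metadata blob.
    if n > 0 and start >= 0 and code[start] >> 5 == 5:
        return code[:start]
    return code


def scan_opcodes(runtime_hex: str, strip_metadata: bool = True) -> dict:
    """Return {opcode name: [offsets]} for watched opcodes in executable position."""
    code = bytes.fromhex(runtime_hex.removeprefix("0x"))
    if strip_metadata:
        code = strip_solc_metadata(code)
    hits = {name: [] for name in WATCHED.values()}
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op in WATCHED:
            hits[WATCHED[op]].append(pc)
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # skip the PUSH immediate (1..32 data bytes)
        pc += 1
    return hits


# Constructed samples, not taken from any deployed contract.
DATA_ONLY = "0x60ff600055"                      # PUSH1 0xff; PUSH1 0; SSTORE
REAL_OPCODE = "0x33ff"                          # CALLER; SELFDESTRUCT
WITH_METADATA = "0x600055a164736f6c63430008ff000a"  # code + fake CBOR trailer

if __name__ == "__main__":
    for label, sample in [("data only", DATA_ONLY), ("opcode", REAL_OPCODE),
                          ("metadata", WITH_METADATA)]:
        print(label, scan_opcodes(sample))
```

A linear sweep can still misalign on data embedded mid-code, so an empty result narrows the search but is not a formal proof of absence.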