Reentrancy guard on external-calling functions

BENQI's assessment for RD-F-014 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Compound V2 lending contracts use checks-effects-interactions (CEI) pattern as the reentrancy defense, not explicit nonReentrant modifiers. StakedAvax.sol explicitly uses ReentrancyGuardUpgradeable. Dedaub Ignite audit identified L1 (reentrancy guard recommendation) as a low-severity finding, resolved. CEI pattern in Compound V2 is documented reentrancy protection but not a modifier-level guard. Yellow: protection exists (CEI) but no explicit nonReentrant on all external-calling functions in the lending core.

Sources #

GitHub
StakedAvax.sol — ReentrancyGuardUpgradeableStakedAvax.sol — imports ReentrancyGuardUpgradeable from OZretrieved 2026-05-16
Audit
Dedaub BENQI Ignite Audit — L1 reentrancyDedaub Ignite audit L1 — reentrancy guard (low severity, resolved)retrieved 2026-05-16

Methodology #

Determine whether all state-mutating functions that perform external calls carry `nonReentrant` or an equivalent reentrancy guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol benqi factor RD-F-014 score yellow collected_at 2026-05-16 11:02:12