Reentrancy guard on external-calling functions
Falcon Finance's assessment for RD-F-014 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
USDf/sUSDf: Zellic found no reentrancy issues. OpenZeppelin's ERC4626Upgradeable follows the checks-effects-interactions (CEI) pattern. The post-TGE contracts (sFF-Prime, FF Staking Vault) are unaudited, so their reentrancy guard status is unknown.
Detail
Zellic reviewed USDf and sUSDf and reported no reentrancy findings. sUSDf uses OpenZeppelin's ERC4626Upgradeable, which follows the CEI pattern. The reentrancy guard status of the unaudited FF Staking Vault (a StakingRewards contract compiled with Solidity v0.8.30 and 1M optimizer runs) and of sFF-Prime is unknown. The score is yellow because the audited core contracts are clean but the unaudited contracts introduce residual risk.
Sources
- Etherscan, FF Staking Vault: StakingRewards contract (unaudited), Solidity 0.8.30; retrieved 2026-05-12
Methodology
Determine whether all state-mutating functions that perform external calls carry `nonReentrant` or an equivalent reentrancy guard.
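One way to triage this check over verified contract source, as an added example (not part of the assessment and not Falcon Finance's code): a regex heuristic that lists state-mutating, externally callable functions that make an external call without `nonReentrant`. The `DemoVault` sample, its function names and the set of call forms are constructed assumptions; calls through an interface (for example `oracle.price()`) and guards under other names are not detected unless added to the patterns.

```python
import re

# Constructed sample, not Falcon Finance code: a minimal staking contract.
SAMPLE = """
contract DemoVault {
    function stake(uint256 amount) external nonReentrant {
        balances[msg.sender] += amount;
        token.safeTransferFrom(msg.sender, address(this), amount);
    }
    function withdraw(uint256 amount) public {
        token.safeTransfer(msg.sender, amount);
        balances[msg.sender] -= amount;
    }
    function sweep(address payable to) external onlyOwner {
        (bool ok, ) = to.call{value: address(this).balance}("");
    }
    function earned(address a) public view returns (uint256) { return rewards[a]; }
}
"""

FUNC = re.compile(r"\bfunction\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")
# Heuristic set of call forms that hand control to another contract.
EXTERNAL_CALL = re.compile(
    r"\.(call|delegatecall|send|transfer|safeTransfer|safeTransferFrom)\s*[({]")
GUARDS = ("nonReentrant",)  # extend with project-specific equivalent modifiers

def body_at(src, open_idx):
    # Text between the brace at open_idx and its matching close brace.
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def unguarded_external_callers(src):
    """Names of state-mutating functions with an external call and no guard."""
    src = re.sub(r"//[^\n]*|/\*.*?\*/", "", src, flags=re.S)  # drop comments
    findings = []
    for m in FUNC.finditer(src):
        name, header = m.group(1), m.group(3)
        if re.search(r"\b(view|pure|internal|private)\b", header):
            continue  # read-only, or reached only through an entry point
        body = body_at(src, m.end() - 1)
        if EXTERNAL_CALL.search(body) and not any(
                re.search(rf"\b{g}\b", header) for g in GUARDS):
            findings.append(name)
    return findings
```

Each flagged function is a candidate for manual review rather than a confirmed finding: a function that strictly follows CEI may be safe without the modifier.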