Reentrancy guard on external-calling functions

Orca's assessment for RD-F-014 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Slither reentrancy detectors are EVM-only and cannot run on Rust/BPF. Solana CPI reentrancy is a real threat vector but is distinct from EVM reentrancy. Anchor's account borrowing model and the 2022 Kudelski/Neodyme audits address CPI reentrancy patterns. No findings on reentrancy reported in available audit summaries. Cannot assess via the specified toolchain on this substrate.

Sources #

Audit
Neodyme Orca Whirlpools Audit 2022-05-05https://dev.orca.so/.audits/2022-05-05.pdfretrieved 2026-05-16

Methodology #

Determine whether all state-mutating functions that perform external calls carry `nonReentrant` or an equivalent reentrancy guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol orca factor RD-F-014 score gray collected_at 2026-05-16 02:39:16