defirisk.co
rubric v1.7.0

Flash-loanable voting weight

Across Protocol's assessment for RD-F-036 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Flash-loanable voting weight | ACX token does NOT implement ERC20Votes checkpointing (source: GitHub AcrossToken.sol: `ERC20, Ownable` only). Flash-loan attack in the same block as proposal vote is mitigated by Snapshot's block-number snapshot mechanism (snapshot taken at proposal creation time, not at vote time). However: (1) pre-snapshot token accumulation (buying/borrowing before snapshot block) is possible; (2) actual governance attack surface is insider concentration: Risk Labs Treasury ...

Sources #

  • Curator note
    Extracted from 02-governance-admin.md — RD-F-036; no URL citedretrieved 2026-04-28

Methodology #

Determine whether governance voting power is a function of current token balance of a transferable token with no lock or checkpoint, making it flash-loan susceptible.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol across-protocol factor RD-F-036 score gray collected_at 2026-04-30 21:19:18