BENQI
Combined Compound V2 fork money market (BENQI Liquidity Market, qiTokens) and liquid-staking token (sAVAX) on Avalanche C-Chain; also includes Ignite validator bootstrapping and Isolated Markets. Governed by team multisig (undisclosed on-chain address); veQI is gauge-weight only, not an on-chain Governor.
Deployments: Avalanche · $277.1M
01 Risk profile at a glance
1 red · 4 yellow · 7 green
02 Categories & evidence
184 factors · 13 categories
Code & audits · Green · 20 · 25 of 25
RD-F-002 red Audit recency For the highest-risk component (core lending Comptroller and qiToken markets), the most recent audit covering that bytecode is Halborn May 2021 — approximately 1826 days prior to 2026-05-16, far exceeding the 730-day red threshold. The newer audits (Cyfrin Jan 2025 = 120 days, Chaos Labs May 2025 = 0 days, Zellic oracle) cover peripheral or separate components (Ignite, oracle), NOT the core Comptroller/qiToken lending bytecode. sAVAX Certora April 2022 = approximately 1492 days — also red. The core money-market bytecode has had no re-audit in >4 years despite ongoing TVL of $277M.
RD-F-001 yellow Audit scope mismatch Ten audit engagements across 7 firms confirmed. Core lending (Halborn May 2021) and sAVAX (Certora April 2022, Halborn Nov 2021–Feb 2022) have audit PDFs with scoped contracts. Dedaub March 2023 audited Ignite at commit 498242b800b07230e81cacb6932c217ba3d07d05. Cyfrin Jan 2025 audited Ignite v2 (Ignite.sol, IgniteStorage.sol, staking.sol, ValidatorRewarder.sol). Zellic audited the oracle contract. However: (a) the public BENQI-Smart-Contracts repo is frozen at 2023-01-11; (b) Isolated Markets (launched 2024, Comptroller 0xfc8C7271BdC3816D7AB1fc802216bad387692Ce1) rely on an unverifiable 'dedicated 2024 audit' claim with no public PDF or commit SHA; (c) no deployed-bytecode vs audit-commit-SHA diff is possible for Isolated Markets or post-2021 Comptroller changes. The material traceability gap for the Isolated Markets delta disqualifies a green despite extensive overall audit coverage.
RD-F-003 yellow Resolved-without-proof findings Dedaub Ignite audit: H1 (missing data structure update in _deleteRegistration) and M1 (oracle staleness checks absent) are both marked 'resolved', but the Ignite contracts are in a private repository, so no public commit SHA diff confirming the on-chain fix is accessible. Cyfrin 2025 Ignite findings (oracle validation edge cases, precision loss in QI fee calculations) are stated as 'remediated pre-launch' without a verifiable public commit SHA. Halborn 2021 lending audit resolution evidence is not independently verifiable from the frozen public repo. No high/critical finding can be confirmed, from public sources alone, to be in the resolved-without-proof state; 1–2 medium resolutions are in this state. Scoring yellow (1–2 medium unverified resolutions).
RD-F-006 yellow Audit-to-deploy gap Halborn May 2021 audit sign-off to BENQI Liquidity Market mainnet launch 2021-08-19 = approximately 90 days (yellow: 61–180 days). Certora April 2022 FV was conducted after sAVAX was already live (retroactive formal verification; gap reversed). Cyfrin Jan 2025 Ignite v2 audit gap to launch: estimated within 60 days (green range). The lending core sits in the yellow band at ~90 days.
RD-F-009 yellow Formal verification coverage Certora performed formal verification of StakedAvax.sol (sAVAX) in April 2022, proving the implementation correct with respect to formal rules on critical invariants. A second Certora engagement (June 2022) verified sAVAX for the Aave V3 listing. This covers the sAVAX component. The core lending Comptroller/qiToken markets have no formal verification, only traditional audit coverage. The protocol has two major risk surfaces; formal verification covers one (sAVAX) but not the other (lending). Yellow: partial FV coverage (~50% of risk surfaces formally verified).
RD-F-011 yellow SELFDESTRUCT reachable from non-admin path SELFDESTRUCT is not a standard Compound V2 pattern. Source inspection of QiErc20Delegate.sol and Comptroller.sol confirms no SELFDESTRUCT opcode in the functions reviewed. sAVAX StakedAvax.sol uses the OZ upgradeable pattern with no SELFDESTRUCT. However, absence cannot be formally confirmed across all deployed contracts (especially the Isolated Markets private repo) without a tool run. Yellow scored on the inability to affirmatively confirm via tool evidence: the probability is low given the architecture, but green requires positive tool confirmation.
RD-F-013 yellow Arbitrary call with user-controlled target The Compound V2 pattern confines external calls to well-defined interfaces: oracle (PriceOracle), interest rate model (InterestRateModel), and token (ERC-20). No arbitrary user-controlled external call target was identified in the inspected public source files. However, the Isolated Markets contracts (private repo, Moonwell-lineage) cannot be fully inspected, and tool confirmation (Slither arbitrary-send-eth detector) has not been run. Yellow: no finding identified in inspected source, but cannot affirmatively confirm clean for all contracts.
RD-F-014 yellow Reentrancy guard on external-calling functions Compound V2 lending contracts use the checks-effects-interactions (CEI) pattern as the reentrancy defense, not explicit nonReentrant modifiers. StakedAvax.sol explicitly uses ReentrancyGuardUpgradeable. The Dedaub Ignite audit identified L1 (reentrancy guard recommendation) as a low-severity finding, resolved. The CEI pattern in Compound V2 is documented reentrancy protection but not a modifier-level guard. Yellow: protection exists (CEI) but there is no explicit nonReentrant on all external-calling functions in the lending core.
RD-F-016 yellow Divide-before-multiply pattern Compound V2 uses Exponential.sol fixed-point math (scale factor 1e18), which reduces divide-before-multiply risk. The Cyfrin Ignite 2025 audit found precision loss in QI fee calculations (remediated). Absence of divide-before-multiply in all lending arithmetic paths cannot be confirmed without a Slither tool run on deployed source. Yellow: precision issue found and fixed in the Ignite component; core lending not tool-verified.
RD-F-023 yellow Constructor calls _disableInitializers() StakedAvax.sol constructor: 'constructor() initializer public {}' — uses the initializer modifier on the constructor but does NOT call _disableInitializers(). This is a Solidity 0.6.12 + older OZ vintage pattern; _disableInitializers() was introduced in OZ 4.x and is standard for modern proxied implementations. An attacker could potentially call initialize() directly on the implementation contract (not via the proxy) if the initializer guard does not track the implementation state separately from the proxy state. The risk is partially mitigated by the initializer modifier, which tracks the initialized flag in the implementation's own storage. For the Compound V2 lending contracts (not OZ-proxy), this factor does not apply. Yellow: absent in a proxied implementation contract where the pattern is expected.
RD-F-024 yellow Code complexity vs audit coverage Core lending: ~23 Solidity files, estimated 2,000-3,000 LOC total. The Halborn 2021 engagement appears adequate for this scope. Certora FV on StakedAvax: 2-month engagement for a bounded contract, adequate. Cyfrin Ignite 2025: 1,367 LOC across 4 files in a 2-week competitive contest. Main concern: Isolated Markets (Moonwell-lineage, larger codebase with multi-reward distributor and additional complexity) are claimed to have 'dedicated 2024 audit coverage' but no public PDF is accessible. If the Isolated Markets audit is adequate, scoring would be green. The inaccessibility of that audit PDF creates uncertainty. Yellow: audit appears adequate for the publicly-audited components but coverage of the Isolated Markets delta is unverifiable.
RD-F-010 gray Static-analyzer high-severity count No published Slither/Mythril/Semgrep JSON output found for any BENQI contract. Halborn 2021 performed automated analysis but did not publish tool output. The Isolated Markets Comptroller (0xfc8C7271BdC3816D7AB1fc802216bad387692Ce1) has no known published static-analysis report. Findings cannot be triaged without a tool run against deployed verified source on Snowtrace. Marked gray: [?] needs tool run.
RD-F-020 gray EIP-712 domain separator missing chainId The QI token governance contract (0x8729438EB15e2C8B576fCc6AeCdA6A148776C0F5) may use EIP-712 for permit/vote signatures; its source is not in the public BENQI-Smart-Contracts GitHub repo. Core qiToken lending contracts do not use EIP-712. chainId presence in the QI token domain separator cannot be confirmed without direct source inspection of the Snowtrace-verified QI token contract.
RD-F-021 n/a UUPS _authorizeUpgrade correctly permissioned Neither the Compound V2 lending contracts nor StakedAvax uses the UUPS pattern. The lending Comptroller uses the Unitroller delegatecall proxy with admin-gated _setImplementation (not UUPS). StakedAvax uses the OZ TransparentUpgradeableProxy / AccessControlUpgradeable pattern (not UUPS _authorizeUpgrade). Factor is not applicable to the deployed architecture.
RD-F-004 green Audit count 7 distinct audit firms confirmed: Halborn (x3 engagements), Certora (x2), Dedaub, Code4rena/Moonwell community contest, Cyfrin, Zellic, Chaos Labs. Well above the green threshold of ≥2 distinct firms.
RD-F-005 green Audit firm tier Certora (Tier-1 formal verification) conducted the sAVAX StakedAvax.sol formal verification in April 2022. Zellic (Tier-1) audited the BENQI oracle contract. Both are Tier-1 firms with engagements on currently-deployed bytecode. Green: at least one Tier-1 audit of deployed code — met by both Certora and Zellic.
RD-F-007 green Bug bounty presence & max payout Immunefi bug bounty program active for BENQI since August 2021, last updated November 27 2025. Maximum payout: $500,000 for critical smart contract vulnerabilities. 38 assets in scope including qiBUSD, qiUSDC, qiETH, qiLINK, qisAVAX, QI token, ecosystem market tokens. Both lending and sAVAX surfaces are in scope. Green: active program with max payout exactly $500K (meets ≥$500K threshold).
RD-F-008 green Ignored bounty disclosure No documented case of a disclosed vulnerability reported to the BENQI team and not actioned before an exploit. BENQI has operated for ~57 months (August 2021 to May 2026) with no protocol-level exploit recorded in any source: Rekt leaderboard (no BENQI entry), DefiLlama hacks feed (no BENQI entry), hacksdatabase grep (clean), OSINT search (no confirmed exploit). No prior incidents exist to assess; scored green as an evidence-of-absence finding.
RD-F-012 green delegatecall with user-controlled target BENQI lending uses Compound V2 delegatecall proxy pattern (Unitroller→Comptroller, QiErc20Delegator→QiErc20Delegate). In QiErc20Delegator._setImplementation(), the implementation address is admin-controlled — not user-supplied. Source inspection confirms delegatecall target is fixed by admin, with no user-controlled path to the delegatecall target.
RD-F-015 green ERC-777/1155/721 hook without reentrancy guard Compound V2 fork qiToken markets accept only standard ERC-20 tokens. Immunefi bounty scope explicitly excludes ERC-777 re-entrancy as a non-applicable attack vector. No ERC-777/1155/721 callback integration identified in core lending or sAVAX contracts. Green: no such integration present.
RD-F-017 green Mixed-decimals math without explicit scaling Compound V2 fork uses Exponential.sol and ExponentialNoError.sol for all cross-token arithmetic, providing WAD-based (1e18) normalization. This is the established Compound V2 approach to cross-decimal math. No mixed-decimals arithmetic issue identified in audit reports or source review.
RD-F-018 green Signed/unsigned arithmetic confusion Compound V2 lending contracts use SafeMath.sol (explicit overflow/underflow checks in Solidity 0.5.17). sAVAX uses Solidity 0.6.12 with OZ SafeMath pattern. No signed/unsigned arithmetic confusion issue identified in the Halborn, Dedaub, or Certora audit reports. Cannot fully confirm without symbolic execution but no positive finding exists.
RD-F-019 green ecrecover zero-address return unchecked No ecrecover calls identified in the core Compound V2 qiToken lending contracts from source inspection. The base cToken/qiToken pattern does not include permit/signature-based flows. QI token governance functions may use permit but are not in the lending critical path reviewed. No ecrecover-related finding in any audit report.
RD-F-022 green Public initialize() without initializer modifier QiToken.sol initialize() is public but protected by the Compound V2 initialization lock: require(accrualBlockTimestamp == 0 && borrowIndex == 0, 'market may only be initialized once') — equivalent to the OZ initializer modifier effect. StakedAvax.sol uses the explicit OZ initializer modifier: 'function initialize(uint _cooldownPeriod, uint _redeemPeriod) initializer public'. Dedaub Ignite L2 (initializer-related low severity) was marked resolved. No unguarded public initialize identified across the inspected contracts. Green.
RD-F-183 green Bug bounty scope gap on highest-TVL contracts Immunefi BENQI program (updated November 27 2025) covers 38 in-scope assets. Highest-TVL components covered: qiUSDC, qiETH, qiAVAX (implied via qiToken coverage), qisAVAX, qiBUSD, qiLINK, and ecosystem market qiTokens (JOE, SolvBTC, COQ, AUSD, USDTn). QiTokenSaleDistributorProxy also in scope. The Comptroller (governance hub of all markets) is implicitly in scope as the governing contract of all listed qiToken assets. Maximum payout $500K covers both lending and sAVAX surfaces. Notable limitation: 'centralization and economic attack impacts' are out of scope — does not affect structural smart-contract vulnerability coverage. No highest-TVL contract explicitly out of scope.
Governance & admin · Red · 50 · 24 of 24
RD-F-032 red Timelock duration on upgrades No timelock contract exists for the BENQI lending market or sAVAX. Multiple sources confirm its absence. BENQI docs do not mention any timelock. The core markets contracts page lists the Comptroller, market tokens, and implementations but no Timelock or TimelockController. Secondary sources explicitly note no timelock. Compound V2 forks may include an optional Timelock.sol; BENQI does not deploy one.
RD-F-033 red Timelock on sensitive actions No timelock on any sensitive action category. The Compound V2 Comptroller admin can call _setCollateralFactor, _setReserveFactor, _setInterestRateModel, _setPriceOracle, _setBorrowPaused, _setMintPaused, _reduceReserves (reserve drain), all without timelock delay. BenqiChainlinkOracle has a Set Admin function (oracle swap without delay). The sAVAX admin controls staking parameters and upgrade authority without timelock. All five action types (mint/pause/rescue/setOracle/upgrade) are untimelocked.
RD-F-035 red Role separation: upgrade ≠ fee ≠ oracle A single undisclosed team multisig holds: upgrade authority (_setComptrollerImplementation in Comptroller), the fee/reserve role (_setReserveFactor, _reduceReserves), and the oracle role (_setPriceOracle). BenqiChainlinkOracle also has a Set Admin function controlled by the same team. No role separation across upgrade/fee/oracle. This is a structural consequence of the undisclosed monolithic multisig admin.
RD-F-041 red Rescue/emergencyWithdraw without timelock The Compound V2 Comptroller admin can call _reduceReserves(cToken, amount) to drain protocol reserves and _transferComp(address, uint) to sweep COMP-equivalent rewards, both without any timelock delay. No timelock exists across the protocol. The admin multisig can execute a reserve drain in a single transaction. The sAVAX admin has upgrade authority over the StakedAvax proxy and controls staking parameters without delay. This is a full-drain vector gated only by the undisclosed multisig threshold.
RD-F-025 yellow Admin key custody type Admin is classified as a team-controlled multisig without timelock. Protocol docs confirm all parameter changes require multi-party approval through a multisig framework. No single-EOA admin. Safe address, threshold, and signer identities are not publicly disclosed. Classification: multisig without timelock.
RD-F-026 yellow Upgrade multisig signer configuration (M/N) Secondary sources reference at least 4 signers but no M/N threshold or Safe address is publicly confirmed. getThreshold() cannot be called without the Safe address. The display string cannot be confirmed. An undisclosed multisig configuration at $277M TVL is assessed as yellow (could be below peer norm).
RD-F-027 yellow Single admin EOA Admin is not a single EOA; multisig governance is confirmed by multiple sources. Deployer 0x5423819B3b5bb38b0E9E9e59F22f9034e2d8819b deployed the Comptroller ~5 years ago; the current admin is a team multisig, not the deployer. Not red (multisig confirmed). Not green (threshold and signers undisclosed; effective centralization cannot be ruled out). An undisclosed multisig with unknown composition at $277M TVL warrants yellow.
RD-F-028 yellow Low-threshold multisig vs TVL At least 4 signers are referenced in secondary sources; no Safe address or confirmed M/N threshold. With $277M TVL, the peer norm for this TVL band is 5-of-8 or higher. An undisclosed multisig with possibly 4 signers is assessed as likely below peer norm. Green cannot be confirmed without on-chain verification.
RD-F-042 yellow Admin has mint() with unlimited max QI token total supply is 7,200,000,000 distributed via liquidity mining, a fixed-supply distribution model with no confirmed ongoing admin-callable mint for new supply. sAVAX minting is user-triggered (deposit AVAX), not an admin-callable unlimited mint. No on-chain maxSupply() cap confirmed via primary source read. Scored yellow: the fixed supply model reduces risk but the on-chain cap is not independently verified; the admin retains Comptroller mint control over qiTokens (the cToken market tokens, not the QI governance token).
RD-F-167 yellow Deprecated contract paused but pause reversible by live admin BENQI has some low-activity or effectively-deprecated markets (e.g., qiBUSD post-BUSD depeg in 2023). The Comptroller admin retains pause and unpause authority on all listed markets, including deprecated ones. No confirmed formal deprecation-and-pause of a specific market, but the structural capability for the admin to pause/unpause deprecated surfaces without renouncing the role creates ongoing admin-scope exposure to deprecated surfaces.
RD-F-029 gray Multisig signers co-hosted Signer addresses are undisclosed; ASN or custodian analysis is not possible without the Safe address or a public signer list. Co-hosting cannot be assessed.
RD-F-030 gray Hot-wallet signer flag Signer addresses are undisclosed; hot-wallet behavioral analysis requires on-chain tx history per signer address, which is not accessible without the Safe address.
RD-F-031 gray Signer rotation recency Safe address undisclosed; AddedOwner/RemovedOwner/ChangedThreshold events cannot be enumerated without the Safe contract address. Signer rotation history is unassessable.
RD-F-034 gray Guardian/pause-keeper distinct from upgrader The Compound V2 Comptroller has a pauseGuardian role distinct from admin: admin can pause and unpause, pauseGuardian can only pause. Whether BENQI's pauseGuardian is a distinct address from admin is undetermined (Safe address undisclosed). On-chain read of pauseGuardian not performed.
RD-F-036 n/a Flash-loanable voting weight veQI is non-transferable and cannot be flash-loaned. No on-chain Governor contract exists. BENQI is team-multisig governed; veQI is gauge-weight escrow for liquidity-mining and validator delegation only. The flash-loanable voting attack vector is structurally absent.
RD-F-037 n/a Quorum achievable via single-entity flash loan No on-chain Governor. No quorum mechanism. No governance token used for protocol voting. veQI is non-transferable. The flash-loan quorum attack is architecturally absent.
RD-F-038 n/a Proposal execution delay < 24h No on-chain Governor contract. No proposal execution delay mechanism. The team multisig executes admin calls directly. Structurally not applicable; worse than <24h (no delay at all), but this is captured in F032/F033.
RD-F-039 n/a delegatecall/call in proposal execution without allowlist No on-chain governance proposal execution path. No Governor contract. No delegatecall-in-proposal execution vector. The admin multisig executes calls directly to target contracts without any proposal execution intermediary.
RD-F-040 gray Emergency-veto multisig present No on-chain Governor exists, so a cancel() mechanism is not relevant. The Comptroller pauseGuardian role provides partial emergency-pause capability. Whether a distinct emergency-veto multisig exists separate from the admin multisig is unknown (undisclosed config). Assessed gray due to lack of on-chain confirmation.
RD-F-044 gray Admin wallet interacts with flagged addresses Admin Safe address undisclosed; tx pattern analysis of admin multisig signers is not possible without known signer addresses. No CTI feed hit confirmed or denied.
RD-F-045 gray Constructor args match governance proposal No governance proposal system exists; all deploys were executed by the team multisig directly. There is no governance proposal calldata to compare constructor args against. Not determinably assessable.
RD-F-047 n/a Governance token concentration (Gini) QI token Gini coefficient not computed within the assessment window. On-chain holder enumeration via the Snowtrace API or a subgraph was not performed. veQI is non-transferable and not relevant to Gini.
RD-F-043 green Admin = deployer EOA after 7 days Comptroller deployed ~5 years ago by 0x5423819B3b5bb38b0E9E9e59F22f9034e2d8819b. Protocol operated continuously since August 2021 under multisig governance. The deployer is not the current admin — confirmed by operational history, docs, and 4+ years of multi-party approvals. Admin was transferred to multisig well within 7 days of deploy (given the protocol launched operationally in August 2021 with stated multisig governance from the outset).
RD-F-046 green Contract unverified on Etherscan/Sourcify All core BENQI contracts (Comptroller, qiToken markets, BenqiChainlinkOracle, QI token, sAVAX) are labeled and accessible on Snowtrace — the canonical Avalanche C-Chain block explorer functionally equivalent to Etherscan. Contract ABIs and source code are readable. All core contracts holding user funds are verified.
Oracle & external dependencies · Yellow · 31 · 17 of 17
RD-F-057 red Circuit breaker on price deviation No on-chain circuit breaker on price deviation was identified in BenqiChainlinkOracle. The contract does not implement a price deviation guard relative to a reference price or prior round. The Chaos Labs integration announcement claims 'Advanced anomaly detection filters suspicious inputs in real time' for Isolated Markets, but this is a prose claim from marketing copy; no on-chain circuit breaker function is confirmed in source. For core lending markets (the majority of BENQI TVL), there is no circuit breaker.
RD-F-059 red Oracle staleness check present NO on-chain staleness check confirmed in BenqiChainlinkOracle. Snowscan source analysis shows the contract calls `latestRoundData()` and uses the returned price without validating the `updatedAt` timestamp against a maximum staleness threshold. Eight of nine feeds have an 86400s (24hr) heartbeat; during this window, stale prices are accepted silently. The AVAX/USD feed (120s heartbeat) is also unguarded. The Dedaub BENQI Ignite audit (March 2023) found a Medium-severity 'No staleness check on Oracle returned values' in the Ignite contract (separate module); marked resolved in Ignite, but BenqiChainlinkOracle was not in Dedaub's scope and shows the same pattern. The Chainlink best practice of checking `updatedAt > block.timestamp - maxStaleness` is absent from this contract.
RD-F-049 yellow Oracle role per asset Core lending markets: each asset has one Chainlink feed as PRIMARY with no automated secondary or fallback oracle. BenqiChainlinkOracle has an admin-settable `assetPrices` mapping that can override prices, but this is a manual admin action, not an automated oracle fallback. Isolated Markets: Chaos Labs (primary) + Chainlink (secondary), a two-source design. The sAVAX exchange rate is internal (not applicable to oracle role classification).
RD-F-051 yellow Fallback behavior on oracle failure Core lending markets have NO automated oracle fallback. BenqiChainlinkOracle calls `latestRoundData()` and uses the Chainlink result (or the manual `assetPrices` override if set) without reverting to a secondary oracle on failure. If a feed reverts, the transaction reverts; if a feed returns stale data (within the 24hr heartbeat), the stale price is accepted. The manual `assetPrices` mapping is not an automated fallback; it requires admin intervention. The Isolated Markets dual oracle (Chaos Labs → Chainlink) provides genuine fallback. The Dedaub Ignite audit (M1, resolved) identified the same no-staleness-check pattern in the Ignite contract.
RD-F-052 yellow Breakage analysis per dependency Per-dependency breakage analysis (transcribed from this agent's 03-oracle-deps.md row, line 83). (1) Chainlink feed stale/halted: BENQI core lending markets continue serving the last-known price (no staleness reversion in BenqiChainlinkOracle.getUnderlyingPrice()), creating under/over-collateralisation risk during extended price moves; worst case, an Avalanche Chainlink network halt allows positions to become undercollateralised without triggering liquidations. (2) BenqiChainlinkOracle admin compromise: a malicious setFeed() redirects asset pricing → collateral drain via inflated borrow limits (no timelock on oracle admin). (3) Chaos Labs Edge Oracle failure: Isolated Markets fall back to the Chainlink secondary per the dual-oracle design (mitigated). (4) Avalanche P-Chain halt: sAVAX staking pauses but the exchange rate is stable (cannot decrease; Certora-proven), so LST holders are not immediately harmed. Net: single non-redundant external dependency (Chainlink) on the core lending markets with no on-cha
RD-F-053 yellow Oracle source = spot DEX pool (no TWAP) [★ CRITICAL — scored YELLOW] Two components assessed; the higher-risk one governs. (a) LENDING: BenqiChainlinkOracle uses Chainlink push-feeds, NOT spot DEX pools; no TWAP needed, not red on a DEX-spot basis. However: 8 of 9 feeds have an 86400s (24hr) heartbeat; NO on-chain `updatedAt` staleness guard confirmed in source; no secondary oracle for core markets. (b) sAVAX: the exchange rate is internal stake-accounting (total staked AVAX + accrued rewards / sAVAX supply), NOT DEX-priced; green by design, cannot be flash-loan manipulated. Overall: YELLOW (not red). Chainlink is a push-oracle, not spot DEX, but the 24hr staleness window with no on-chain guard creates meaningful oracle risk for a lending protocol. Chainlink Avalanche feeds are live and have not experienced documented multi-hour outages, but staleness protection is absent at the protocol layer.
RD-F-180 yellow Immutable oracle address [★ CRITICAL-CANDIDATE — PD-017 tracking; promoted to ★ by T-14 2026-04-22] BenqiChainlinkOracle stores feed addresses as mutable state variables in a `mapping(bytes32 => address)`, updateable via `setFeed(string symbol, address feed)` by the current oracle admin; feed addresses are NOT immutable. The entire oracle contract address is replaceable on the Comptroller via Compound V2's `_setPriceOracle(address)` admin function. The oracle IS replaceable (not red), but no confirmed timelock protects oracle replacement: a compromised oracle admin can redirect all core lending prices in a single transaction without delay. Yellow (not red): the oracle address is admin-replaceable; the risk is the absence of a timelock guard rather than true immutability. The governance-admin analyst must confirm whether a timelock covers the oracle admin path.
RD-F-054 n/a TWAP window duration BENQI core lending markets and Isolated Markets both use Chainlink push-oracle and Chaos Labs push-oracle feeds, not DEX TWAP oracles. TWAP window duration is structurally not applicable to this oracle architecture.
RD-F-055 n/a Oracle pool depth (USD) BENQI does not use DEX TWAP oracles. All price feeds are Chainlink or Chaos Labs push-oracles. Pool depth is structurally irrelevant to the oracle architecture.
RD-F-058 n/a Max-deviation threshold (bps) No circuit breaker exists on BenqiChainlinkOracle (see RD-F-057 red). There is no maxDeviationBps or equivalent state variable to read. F058 is not_applicable because its predicate (circuit breaker present) is false.
RD-F-060 gray Chainlink aggregator min/max bound misconfig Chainlink V3 aggregator proxies on Avalanche do not consistently expose `minAnswer`/`maxAnswer` circuit-breaker bounds via public functions. The V3 aggregator model deprecated these bounds in many feeds. No specific misconfig evidence was found for BENQI's Chainlink feeds. Cannot assess without a direct on-chain read of each feed's aggregator proxy.
RD-F-181 n/a Permissionless-pool lending oracle BenqiChainlinkOracle for core markets uses Chainlink push-feeds mapped by symbol hash, not a DEX venue where users can permissionlessly create new pools. Isolated Markets use Chaos Labs + Chainlink push-oracles. No permissionless pool-creation path exists in the oracle acceptance layer. The Rhea Finance attack vector (fake pools accepted by the oracle from a permissionless venue) structurally cannot occur here. Not applicable by oracle architecture type.
RD-F-048 green Oracle providers used BenqiChainlinkOracle (0x316aE55EC59e0bEb2121C0e41d4BDef8bF66b32B) aggregates 9 Chainlink Avalanche push-feeds for all core lending markets. Isolated Markets use a Chaos Labs Edge Oracle (primary) + Chainlink (secondary) dual-oracle contract, audited by Zellic and Chaos Labs (2024-2025). sAVAX uses an internal stake-accounting exchange rate (no external oracle). All providers are established tier-1 or institutional grade.
RD-F-050 green Dependency graph (protocols depended upon) BENQI's external smart-contract dependencies are lean: (1) 9 Chainlink Avalanche push-feeds — established, no documented Avalanche outage; (2) Chaos Labs Edge Oracle for Isolated Markets (Zellic-audited); (3) Avalanche P-Chain validator set (network-layer dependency for sAVAX, not a smart contract). No bridge, no LayerZero, no stablecoin-issuer algorithmic dependency. Dependency graph is well-bounded for a combined lending+LST protocol.
RD-F-056 green Single-pool oracle (no medianization) Not applicable as a risk factor — Chainlink push-feeds inherently aggregate across multiple independent data providers and node operators (not single-DEX-pool). Chainlink aggregator contracts receive submissions from multiple independent oracles and report the median/weighted result. The 'single-pool' failure mode does not apply to Chainlink architecture. Isolated Markets use dual oracle (Chaos Labs + Chainlink) for additional cross-source validation.
RD-F-061 green LP token balanceOf used for pricing No LP token `balanceOf`-based pricing found in BenqiChainlinkOracle. The oracle reads Chainlink aggregator price data directly via `latestRoundData()` — no LP token balance computation in the price path. The donation-via-transfer manipulation vector does not apply to Chainlink-based pricing.
RD-F-062 green External keeper/relayer not redundant BENQI does not use an external keeper or relayer for core protocol operations. Liquidations in the Compound V2 fork model are permissionless — any caller can invoke liquidation on undercollateralized positions directly. No Gelato, Chainlink Automation, or custom keeper contract identified in the protocol architecture. sAVAX staking rewards accrual is managed by the protocol's own Avalanche P-Chain interaction, not an external keeper.
Economic risk · Green · 17 · 13 of 13
RD-F-068 yellow Collateralization under stress Full stress simulation (top-3 collateral assets drop 50%) not performed — requires per-market collateral/borrow balance enumeration via on-chain RPC calls. Key structural risk identified: sAVAX is simultaneously a collateral asset AND a borrowable asset in qisAVAX, enabling recursive AVAX-sAVAX leveraged loops. A sharp AVAX price decline would be accompanied by a correlated decline in the sAVAX secondary-market price (the internal exchange rate only rises from staking rewards, but the DEX secondary market would depeg), potentially triggering cascading qisAVAX liquidations simultaneously. Aggregate utilization of 18.08% provides meaningful buffer. Close factor of 50% limits per-liquidation size. No bad-debt events in 57 months. Scored yellow due to the structural sAVAX-loop cascade risk and inability to perform the full simulation.
RD-F-070 yellow Empty cToken-style market (zero supply/borrow) STAR CRITICAL FACTOR. BENQI Liquidity Market is a Compound V2 fork (qiToken = cToken architecture). The donation/empty-market exchange-rate-inflation vulnerability class applies structurally. Conditions for exploit: a market must have near-zero totalSupply, enabling a small minter to acquire nearly all shares, then donate tokens directly to the contract to inflate the exchange rate, then drain other markets. Active qiToken markets are NOT empty — aggregate supplied $277.64M, borrowed $50.19M, with individual markets (qiAVAX holding ~495K-502K AVAX per Snowtrace tx history) having substantial non-zero supply. However: (1) BENQI GitHub repo (last commit 2023-01-11) predates post-Sonne-Finance (May 2024) and post-Hundred-Finance (April 2023) mitigations; no evidence of virtual-share offset or enforced minimum seed-deposit code introduced; (2) qiBUSD market may be deprecated with near-zero supply (BUSD discontinued Feb 2023) — status unconfirmed on-chain; (3) Isolated Markets (newer ~2024)
RD-F-071 yellow Seed-deposit requirement for new market listing No confirmed enforcement of a minimum seed deposit before borrow-enabling in the BENQI codebase. BENQI GitHub (last commit 2023-01-11) does not show post-Hundred-Finance or post-Sonne-Finance mitigations. Protocol docs describe market listing as a governance process but do not specify an enforced code-level seed-deposit threshold. The Sonne Finance post-mortem (May 2024) established that the correct mitigation is to mint-and-burn a small initial cToken supply atomically at market creation — BENQI has not publicly confirmed adoption of this pattern for its existing or new markets. Risk is partially mitigated by the team-multisig governance gate on market listings (not permissionless), but code does not enforce the guard.
RD-F-072 yellow Market-listing governance threshold Market listing requires team multisig approval (low-threshold governance) — not permissionless (which would be red) and not a full DAO vote (which would be green). Cache confirms governance.type='unknown' with no on-chain Governor or Snapshot space. Profile §6 confirms team-multisig model with no on-chain Governor; veQI is gauge-weight escrow, not a Governor. This is the standard yellow classification: team-controlled but not DAO-governed. The multisig gate prevents arbitrary listing attacks but does not provide the decentralization assurance of a full governance vote.
RD-F-064 n/a TVL concentration (top-10 wallet share) Top-10 depositor wallet share not determinable from available data. DefiLlama does not report depositor concentration for lending protocols at the parent level. No Dune Analytics dashboard or on-chain subgraph query was performed within available time. Requires per-market deposit event enumeration.
RD-F-065 n/a Liquidity depth per major asset DEX liquidity depth at 2%/5% slippage for BENQI collateral assets on Avalanche (Trader Joe, Pangolin, Curve) not retrieved via subgraph queries within available time. Qualitatively: AVAX and sAVAX have significant Avalanche DEX depth; LINK, QI, COMP are thinner. Quantitative slippage depth data required for formal scoring.
RD-F-069 n/a Algorithmic / under-collateralized stablecoin BENQI does not issue an algorithmic or under-collateralized stablecoin. QI is a governance/utility token. sAVAX is a collateral-backed liquid staking token (AVAX-backed, not algorithmic). This factor does not apply by protocol architecture.
RD-F-074 n/a ERC-4626 virtual-share offset (OZ ≥4.9) qiTokens are Compound V2-style cTokens, NOT ERC-4626 vaults. The ERC-4626 virtual-share offset pattern (OZ >=4.9) is not applicable to cToken architecture. The analogous cToken first-minter/donation-attack risk is assessed under F070 (empty cToken market) and F071 (seed-deposit). No ERC-4626 vault module identified in BENQI's primary product suite (lending/, sAVAX/, veQI/ per GitHub structure).
RD-F-075 n/a First-depositor / share-inflation guard Not applicable for the same reason as F074: qiTokens are Compound V2-style cTokens, not ERC-4626 vaults. The first-depositor / share-inflation guard factor applies to ERC-4626 vault designs. The cToken-equivalent risk (donation attack on empty markets) is captured under F070 and F071. No standalone ERC-4626 vault found in BENQI's primary product suite.
RD-F-063 green TVL (current + 30d trend) TVL is $277.06M as of 2026-05-16 (DefiLlama parent#benqi cache). 30-day change is +3.1%. 90-day CoV = 0.058 (mean $267.7M, std $15.4M) — very low volatility. 12-month peak ~$801.2M. Comfortably above the $100M green threshold with stable trend.
RD-F-066 green Utilization rate (lending protocols) Aggregate utilization rate is 18.08% (total_borrowed_usd $50.19M / total_supplied_usd $277.64M). Far below the 80% yellow threshold and 95% red threshold. Individual per-market utilization rates were not retrieved via on-chain calls, but the aggregate is comfortably low with large buffer against withdrawal freeze. The low utilization is consistent with the post-2022 lending market normalization and indicates healthy market state.
RD-F-067 green Historical bad-debt events Zero documented bad-debt events in BENQI's ~57-month history (2021-08-19 to 2026-05-16). No incidents in rekt.news leaderboard (cache rekt.incidents=[]), DefiLlama hacks feed (cache defillama.hacks=[]), or hacksdatabase (grep confirmed clean by orchestrator). No governance forum post documenting socialized losses found. Protocol has operated across multiple market stress cycles (LUNA/UST collapse May 2022, FTX November 2022) without documented bad debt.
RD-F-073 green Oracle-manipulation-proof borrow cap BENQI Liquidity Market uses Chainlink price feeds (not DEX TWAP) via BenqiChainlinkOracle at 0x316aE55EC59e0bEb2121C0e41d4BDef8bF66b32B. Chainlink aggregator-based feeds are not manipulable via DEX liquidity depletion (the standard oracle-manipulation-for-borrow attack vector). Borrow caps exist as a feature (BENQI added them beyond original Compound V2 design). Isolated Markets use a dual oracle system (Chaos Labs Edge + Chainlink secondary) with additional manipulation resistance. F073 red condition (DEX-TWAP oracle with borrow cap > 50% of pool depth) does not apply. Scored green: Chainlink-based oracles structurally resist the oracle-manipulation-profit scenario this factor measures.
Operational history Green 9 15 of 15
RD-F-089 red Insurance coverage active No active third-party insurance coverage on BENQI as of 2026-05-16. Nexus Mutual's September 2025 '20+ New Cover Listings' blog post does not include BENQI. Nexus Mutual app and Sherlock protocol list do not show BENQI coverage. No Unslashed coverage found. The $277M TVL (lending + LST) carries zero proportional user-loss indemnification. BENQI's Chainalysis CIR partnership (Nov 2023) provides post-exploit fund-tracking capability but is not insurance coverage. Threshold: red = no active coverage.
RD-F-081 n/a Post-exploit response score No prior exploits exist (F077 = 0). Post-exploit response score is not applicable when there have been no incidents to respond to.
RD-F-082 n/a Post-mortem published within 30 days No prior exploits (F077 = 0). Post-mortem timeline not applicable when no incidents have occurred.
RD-F-083 n/a Auditor re-engaged after last exploit No prior exploits (F077 = 0). Auditor re-engagement after exploit is not applicable when no exploits have occurred.
RD-F-085 n/a Incident response time (minutes) No prior incidents (F077 = 0). Incident response time (minutes) is not applicable when no exploits have occurred.
RD-F-076 green Protocol age (days) BENQI Liquidity Market deployed 2021-08-19 (~1,731 days / ~57 months as of 2026-05-16). Threshold: green >= 365 days. DefiLlama daily TVL series begins at ts=1629331200 (2021-08-19) confirming launch date. Exceeds threshold by 4.7x.
RD-F-077 green Prior exploit count Zero prior exploits confirmed across all sources: proprietary hacksdatabase grep 'benqi' = 0 entries; rekt.news leaderboard 295 entries reviewed — BENQI absent; DefiLlama hacks API empty (cache hacks:[]); cache rekt.incidents:[]; OSINT searches for BENQI exploit 2021-2025 returned no confirmed incident. One AI-generated search reference to 'early 2022 exploit' was rejected as unsubstantiated with no primary-source corroboration. 57 months clean.
RD-F-078 green Chronic-exploit flag (≥3 incidents) Derived from F077 = 0 exploits. Threshold: green = <3 incidents. No CHRONIC flag. Zero incidents across 57 months of operation.
RD-F-079 green Same-root-cause repeat exploit Zero incidents (derived from F077). No root-cause cluster comparison possible or needed. Green by derivation — no same-root-cause repeat possible with 0 incidents.
RD-F-080 green Days since last exploit No incidents in 1,731 days of operation. Threshold: green = >365 days or no incidents. Last exploit date = never; days since last exploit = N/A (no incidents).
RD-F-084 green TVL stability (CoV over 90d) 90-day TVL CoV = 0.0577 (mean $267.7M, std $15.4M, window ending 2026-05-16). Threshold: green = CoV <0.15. BENQI's CoV of 0.058 is well within green, indicating stable operational TVL without anomalous drawdowns. Current TVL $277.06M is close to 90-day mean.
RD-F-086 green Pause activations (trailing 12 months) No market pause activations identified in the trailing 12 months (2025-05-16 to 2026-05-16). OSINT of benqifinance.medium.com, BENQI X (@BenqiFinance), and docs.benqi.fi found no pause announcements. Profile §10 confirms no incidents. BENQI's Comptroller has standard Compound-fork pause functions (_setMintPaused/_setBorrowPaused) but no activations found. Threshold: green = 0 pauses.
RD-F-087 green Pause > 7 consecutive days No pause activations found in trailing 12 months (derived from F086). Therefore no pause >7 consecutive days possible. Threshold: green = no pause >7d in last 12 months.
RD-F-088 green Re-deployed to new addresses in last year No full contract redeployment in the last 12 months. Core contracts (Comptroller, sAVAX) remain at stable addresses unchanged since original deploy. Isolated Markets and Ignite additions are new components, not replacements of existing contracts. No migration announcement found on benqifinance.medium.com. Threshold: green = no full redeployment in last 12 months.
RD-F-166 green Deprecated contracts still holding value No formally deprecated contracts identified. qiBUSD (0x872670CcAe8C19557cC9443Eff587D7086b8043A) is listed in docs but its market parameters were tightened via governance (collateral factor → 0) following BUSD's global wind-down by Binance (Feb 2023). Per the briefing's explicit precedent rule: Compound-fork parameter restriction (CF/RF → 0) is NOT contract deprecation and should not be over-scored. No formal deprecation announcement found. BUSD effectively ceased circulation by 2024, so residual qiBUSD TVL is assessed as negligible. Threshold: green = deprecated contracts hold $0 or have been self-destructed. Curator-verify flag: confirm qiBUSD.totalSupply() on Snowtrace.
Real-time signals Green 0 22 of 22
RD-F-090 gray Mixer withdrawal → protocol interaction Signal requires wallet-clustering feed (Chainalysis/TRM) and 30-day mixer-withdrawal attribution — neither is wired in the dashboard pipeline for Avalanche C-Chain. Deployer 0x5423819B3b5bb38b0E9E9e59F22f9034e2d8819b shows no mixer label on Snowtrace public data. BENQI has a Chainalysis CIR partnership (Nov 2023) giving the team access to this monitoring, but dashboard pipeline does not yet subscribe. No public report of mixer-funded wallet interacting with BENQI in last 30 days. Signal is v1 phase 2 (tier-C advisory). Pipeline not implemented for Avalanche.
RD-F-091 gray Partial-drain test transactions Partial-drain test transaction monitoring requires on-chain pattern-match tooling not yet implemented for Avalanche C-Chain. TVL CoV 0.058 over 90 days indicates low volatility with no drain pattern. BENQI has operated 57 months without a documented exploit. Signal is production pipeline signal not yet implemented (folded into RD-F-098 tier-B precursor sub-rule). Pipeline not implemented.
RD-F-092 gray Unusual mempool pattern from deployer wallet Mempool pattern monitoring for BENQI deployer wallet 0x5423819B3b5bb38b0E9E9e59F22f9034e2d8819b requires Avalanche C-Chain mempool listener not implemented in dashboard. Deployer has 685 historical transactions (Snowtrace), primarily protocol interactions — no anomalous pattern in accessible public tx history. Signal is production pipeline signal not yet implemented. Pipeline not implemented.
RD-F-093 gray Abnormal gas-price willingness from attacker wallet Abnormal gas-price willingness monitoring requires Avalanche C-Chain mempool gas-analysis tooling not implemented. No attacker-labeled wallet with anomalous gas patterns identified on BENQI in public data. Signal is production pipeline signal not yet implemented. Pipeline not implemented.
RD-F-094 gray New contract with similar bytecode to exploit template New contract deployment sweep for bytecode similarity to Compound V2/BENQI exploit templates requires on-chain deploy scan tooling not implemented for Avalanche C-Chain. No public report of exploit-contract deployment targeting BENQI architecture in trailing 90 days. Signal is production pipeline signal not yet implemented. Pipeline not implemented.
RD-F-095 gray Known-exploit function-selector replay Function-selector replay monitoring requires mempool + tx-history pattern-match tooling not implemented for Avalanche C-Chain. No known-exploit replay template observed targeting BENQI markets in public data. Signal is production pipeline signal not yet implemented. Pipeline not implemented.
RD-F-096 gray New ERC-20 approval to unverified contract from whale New ERC-20 approval monitoring for high-TVL users on BENQI requires approval-scan tooling not implemented. No high-TVL user approval to unverified contract observed in public data. Signal is production pipeline signal not yet implemented. Pipeline not implemented.
RD-F-097 gray Sybil surge of identical-pattern transactions Sybil surge monitoring requires on-chain clustering tooling not implemented. No sybil surge pattern observed on BENQI in public data. Borrow utilization 18.08% (cache 2026-05-16) is within normal range with no anomalous activity. Signal is production pipeline signal not yet implemented. Pipeline not implemented.
RD-F-099 gray Oracle price deviation >X% from secondary Oracle price deviation signal applicable (v1 phase 2): BenqiChainlinkOracle at 0x316aE55EC59e0bEb2121C0e41d4BDef8bF66b32B aggregates 9 Chainlink feeds (AVAX/USD 120s heartbeat; ETH/USD, WBTC/USD, USDC/USD and USDT/USD 86400s heartbeat; LINK/USD 0.5% deviation). Secondary-source mapping (Pyth, Uniswap V3 TWAP) not yet configured. No public deviation report on any of these feeds as of 2026-05-16. Signal requires per-asset secondary-source map and per-block comparison — pipeline gating work incomplete per T-09 §3.2. The 86400s heartbeat on most feeds is a structural staleness risk but is separate from the oracle-deviation signal, which measures primary-vs-secondary divergence.
RD-F-100 gray Flash loan >$10M targeting protocol tokens Flash-loan targeting signal applicable to BENQI qiToken markets (Compound-fork lending; Avalanche has Aave V3 as flash-loan source). Signal is v1 phase 2; protocol-token map + flash-loan-source allowlist not yet configured. Chainlink oracle usage substantially increases the cost of flash-loan oracle manipulation (vs DEX spot oracle). No flash-loan anomaly on BENQI markets observed in public data as of 2026-05-16. Borrow utilization 18.08% (normal range). Pipeline not implemented.
RD-F-101 n/a Large governance proposal queued BENQI has no on-chain Governor contract. veQI (0xd303d0833e4d7a1d939fc998ae80402f9a984261) is a non-transferable vote-escrow token used exclusively for validator-node voting gauge weight and liquidity-mining gauge allocation — it does NOT function as an on-chain Governor contract. There are no ProposalCreated / ProposalQueued events to monitor. Protocol governance is team-multisig (undisclosed Safe address). RD-F-101's flagged-pattern detection (calldata targeting admin role change, delegatecall to non-allowlisted target, flash-loanable proposer weight) is architecturally inapplicable. Admin transactions are the effective governance action — covered by RD-F-102.
RD-F-102 gray Admin/upgrade transaction in mempool Admin/upgrade tx signal applicable: BENQI is team-multisig governed; Comptroller admin() and sAVAX DEFAULT_ADMIN_ROLE are admin surfaces. Signal is v1 phase 2; requires mempool listener stack and per-protocol admin map. Admin multisig address is undisclosed — exact Safe address not confirmed from public data (governance-admin-analyst tracing via Snowtrace pending). Without confirmed admin address, the mempool allowlist cannot be constructed. No anomalous admin tx observed in public Snowtrace data as of 2026-05-16. Pipeline not implemented.
RD-F-103 n/a Bridge signer-set change proposed/executed BENQI is a single-chain Avalanche C-Chain protocol with no bridge surface. Cache confirms layerzero.present:false; no Wormhole, CCIP, or custom bridge integration exists. Bridge signer-set change signal is architecturally inapplicable.
RD-F-105 gray DNS/CDN/frontend hash drift DNS/frontend hash drift signal applicable to benqi.fi (standard web-hosted frontend; IPFS hash not published). Signal is v1 phase 2; external monitor stack not live. No documented DNS or frontend hash drift for benqi.fi in public data as of 2026-05-16. Note: bnqi.fi (registered 2026-03-11) is a separate phishing domain — not a hash drift of benqi.fi itself; assessed under F161 (Cat 11). BENQI Immunefi bounty scope explicitly includes DNS hijack attacks as in-scope threat. No Halborn webapp pentest anomaly reported for benqi.fi frontend. Pipeline not implemented.
RD-F-106 n/a Cross-chain bridge unverified mint pattern BENQI is a single-chain Avalanche C-Chain protocol with no bridge surface. Cross-chain bridge tx pattern signal is architecturally inapplicable. Cache confirms has_bridge_surface:false.
RD-F-107 gray Admin EOA signing from new geography/device Admin EOA signing geography signal applicable in principle (Rome Blockchain Labs team is Canada/Europe based; admin key signing geography is the relevant telemetry). Signal is production pipeline signal not yet implemented; requires off-chain signing telemetry not available publicly. Not assessable from public data. Pipeline not implemented.
RD-F-108 gray GitHub force-push to sensitive branch GitHub force-push signal applicable: public repo github.com/Benqi-fi/BENQI-Smart-Contracts exists. However, repo last commit is 2023-01-11 — stale state. Active development may have moved to private repos, making this signal blind to most current codebase changes. No force-push or anomalous push observed in public repo. Signal is production pipeline signal not yet implemented; GitHub monitor not implemented. The repo staleness itself is a code-security concern (F139) assessed by code-security-analyst, not a live signal finding.
RD-F-109 gray Social-media impersonation scam spike Social-media impersonation scam-spike monitoring requires social-listening vendor tooling not implemented. BENQI has active X (@BenqiFinance, @benqinomics), Discord (~9,800 members), and Telegram. The bnqi.fi phishing domain (assessed under F161 Cat 11) is evidence that impersonation attempts target BENQI, but no X/Discord scam-account spike observed in public data as of 2026-05-16. Signal is production pipeline signal not yet implemented. Pipeline not implemented.
RD-F-110 n/a Unusual pending/executed proposal ratio BENQI has no on-chain Governor contract and no on-chain proposal queue. The pending/executed proposal ratio signal requires a Governor contract emitting ProposalCreated/ProposalExecuted events — architecturally inapplicable to BENQI's team-multisig governance model. veQI is gauge-weight-only, not a Governor.
RD-F-182 gray Security-Council threshold reduction (RT) Security-Council threshold reduction RT signal (v1.1 batch-24, Cat 6B): BENQI has no formal Security Council structure in the Arbitrum/Drift sense, but the team-multisig serves an analogous function. Any multisig threshold reduction (e.g., from N-of-M to lower threshold) would be the relevant trigger. Admin multisig threshold is not confirmed from public data — governance-admin-analyst tracing Snowtrace. No public report of BENQI multisig threshold reduction. No timelock confirmed on Comptroller (pendingAdmin() check pending). veQI is not a Security Council. Signal is v1.1 candidate (not yet in production shortlist). Pipeline not implemented; threshold data not yet confirmed.
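RD-F-099 separates two checks on the BenqiChainlinkOracle feeds: staleness against each feed's heartbeat, and divergence of the primary answer from a secondary source. The block below is an added example of both checks written for this assessment; it is not BENQI or Chainlink code. The heartbeats are the ones quoted in the finding, while the LINK/USD heartbeat, the 2% deviation limit, the `RoundData` shape (a subset of Chainlink's `latestRoundData` fields) and all sample answers are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class FeedConfig:
    heartbeat_s: int       # max age before the primary answer counts as stale
    max_deviation: float   # tolerated |primary - secondary| / secondary (assumed 2%)


# Heartbeats as quoted in RD-F-099; LINK/USD heartbeat and all deviation
# limits are assumptions for this example.
FEEDS = {
    "AVAX/USD": FeedConfig(120, 0.02),
    "ETH/USD": FeedConfig(86400, 0.02),
    "WBTC/USD": FeedConfig(86400, 0.02),
    "USDC/USD": FeedConfig(86400, 0.02),
    "USDT/USD": FeedConfig(86400, 0.02),
    "LINK/USD": FeedConfig(86400, 0.02),
}


@dataclass
class RoundData:
    """Subset of a Chainlink round: answer scaled by 10**decimals, updated_at in unix seconds."""
    answer: int
    updated_at: int
    decimals: int = 8


def to_price(rd: RoundData) -> float:
    return rd.answer / 10 ** rd.decimals


def check_feed(name, primary, secondary_price, now):
    """Return a list of finding strings for one feed; an empty list means healthy."""
    cfg = FEEDS[name]
    findings = []
    if primary.answer <= 0:
        # a zero/negative answer must short-circuit before any price math
        findings.append("invalid answer <= 0")
        return findings
    age = now - primary.updated_at
    if age > cfg.heartbeat_s:
        findings.append(f"stale: {age}s since update exceeds {cfg.heartbeat_s}s heartbeat")
    dev = abs(to_price(primary) - secondary_price) / secondary_price
    if dev > cfg.max_deviation:
        findings.append(f"deviation {dev:.2%} vs secondary exceeds {cfg.max_deviation:.0%}")
    return findings


def scan(rounds, secondaries, now):
    """Run check_feed over every feed that has both a primary round and a secondary price."""
    return {name: check_feed(name, rd, secondaries[name], now) for name, rd in rounds.items()}


# Constructed sample data: one healthy feed, one stale feed, one diverging feed.
NOW = 1_800_000_000
ROUNDS = {
    "AVAX/USD": RoundData(40_00000000, NOW - 90),
    "ETH/USD": RoundData(3000_00000000, NOW - 90_000),
    "USDC/USD": RoundData(1_00000000, NOW - 3600),
    "LINK/USD": RoundData(15_00000000, NOW - 600),
}
SECONDARIES = {"AVAX/USD": 40.5, "ETH/USD": 3010.0, "USDC/USD": 1.0, "LINK/USD": 14.0}

if __name__ == "__main__":
    for feed, findings in scan(ROUNDS, SECONDARIES, NOW).items():
        print(feed, findings or "ok")
```

The two failure modes are reported independently, matching the finding's remark that an 86400s heartbeat is a staleness risk on its own and not a primary-vs-secondary deviation; a feed can be fresh yet diverging (LINK/USD in the sample) or in agreement yet stale (ETH/USD).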
RD-F-098 green TVL anomaly — % drop in <1h TVL anomaly signal is fully applicable and wired for v1 launch (tier-A, instant grade flip). Current posture: TVL $277.06M as of 2026-05-16 (DefiLlama cache); 1d change = -1.92% (within normal); 30d change = +3.1% (slight uptick); 90d CoV = 0.058 (low volatility, mean $267.7M std $15.4M). TVL is above the 30d baseline — no 30% drop in 60 minutes, no secondary tier-B precursor (>7% in 15 min from unknown destinations). Signal would fire if TVL dropped >30% in 60 min vs 30d baseline; current posture is clean. No sector-wide DeFi drain event as of 2026-05-16.
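The tier-A and tier-B rules in RD-F-098 (a >30% drop within 60 minutes against the 30-day baseline, and a >7% drop within 15 minutes as precursor) can be evaluated over a sampled TVL series. The following is an added example written for this assessment, not the dashboard's own pipeline code; the baseline is the 30-day mean quoted on the page, the TVL samples are constructed, and the "unknown destinations" qualifier on the tier-B rule is deliberately left out because it needs withdrawal-destination labelling that a TVL series alone does not carry.

```python
BASELINE_30D_USD = 267.7e6   # 30-day mean TVL quoted in the assessment

TIER_A_DROP = 0.30   # >30% drop within 60 min vs 30-day baseline (instant grade flip)
TIER_B_DROP = 0.07   # >7% drop within 15 min (precursor sub-rule)


def value_at(samples, ts):
    """Latest sample at or before ts; samples are (unix_ts, tvl_usd) sorted ascending."""
    value = None
    for t, v in samples:
        if t <= ts:
            value = v
        else:
            break
    return value


def tvl_signal(samples, now, baseline=BASELINE_30D_USD):
    """Return 'tier-A', 'tier-B' or None for the series as of `now`."""
    current = value_at(samples, now)
    v60 = value_at(samples, now - 3600)
    v15 = value_at(samples, now - 900)
    if current is None or v60 is None or v15 is None:
        return None   # not enough history to evaluate either window
    drop_60 = (v60 - current) / baseline   # measured against the 30d baseline
    drop_15 = (v15 - current) / v15        # measured against the start of the 15 min window
    if drop_60 > TIER_A_DROP:
        return "tier-A"
    if drop_15 > TIER_B_DROP:
        return "tier-B"
    return None


def build_series(now, points):
    """points: (minutes_before_now, tvl_usd) pairs -> sorted (ts, tvl) samples (constructed data)."""
    return sorted((now - 60 * m, v) for m, v in points)


# Constructed series: normal drift, a precursor-sized dip, and a drain-sized drop.
NOW = 1_800_000_000
CLEAN = build_series(NOW, [(60, 277.06e6), (45, 277.2e6), (30, 276.9e6), (15, 277.0e6), (0, 276.5e6)])
PRECURSOR = build_series(NOW, [(60, 277.06e6), (45, 277.0e6), (30, 277.0e6), (15, 277.0e6), (0, 255.0e6)])
DRAIN = build_series(NOW, [(60, 277.06e6), (45, 277.0e6), (30, 277.0e6), (15, 260.0e6), (0, 180.0e6)])

if __name__ == "__main__":
    for label, series in (("clean", CLEAN), ("precursor", PRECURSOR), ("drain", DRAIN)):
        print(label, tvl_signal(series, NOW))
```

Measuring the 60-minute drop against the 30-day baseline rather than the window start is what keeps the rule stable when TVL is already elevated, as it is in the current posture (current TVL sits above the 30-day mean).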
RD-F-104 green Stablecoin depeg >2% on shared-LP venue Stablecoin depeg signal is applicable and a v1-launch signal (tier-B, 48h sustained). BENQI has material stablecoin exposure: qiUSDC (supplied ~$44.5M, ~16% TVL) and qiUSDT (active market) both exceed the 5% TVL threshold trigger. Current posture: USDC and USDT at peg as of 2026-05-16; no sustained >2% deviation on any venue. Signal would fire on a sustained USDC or USDT depeg (per §4.2: |price - $1.00| / $1.00 > 0.02 on ≥2 venues, sustained ≥30 min, AND protocol exposure ≥5% TVL). Suppression rules would apply if ≥3 major stables simultaneously depegged (sector-wide cluster). Current posture: clean.
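The depeg rule RD-F-104 quotes (|price - $1.00| / $1.00 > 0.02 on at least two venues, sustained for 30 minutes, with protocol exposure of at least 5% of TVL, suppressed when three or more major stables depeg together) is below as an added example written for this assessment, not pipeline code. The venue price series are constructed; the USDC exposure share matches the ~16% quoted in the finding while the USDT and DAI shares are assumptions, and "sustained" is implemented as every one-minute sample in the trailing 30 minutes deviating, which is an assumed reading of the rule.

```python
DEPEG_THRESHOLD = 0.02
SUSTAIN_S = 30 * 60
MIN_VENUES = 2
MIN_EXPOSURE = 0.05      # share of protocol TVL
CLUSTER_SUPPRESS = 3     # >= this many stables depegged at once -> sector-wide, suppress
SAMPLE_S = 60            # assumed sampling interval of the price feed


def deviation(price):
    return abs(price - 1.0) / 1.0


def venue_sustained(obs, now):
    """True if this venue has deviated on every sample across the whole trailing window."""
    window = [(t, p) for t, p in obs if now - SUSTAIN_S <= t <= now]
    if not window:
        return False
    covers_start = min(t for t, _ in window) <= now - SUSTAIN_S + SAMPLE_S
    return covers_start and all(deviation(p) > DEPEG_THRESHOLD for _, p in window)


def stable_depegged(venues, now):
    """A stable counts as depegged when >= MIN_VENUES venues show a sustained deviation."""
    return sum(venue_sustained(o, now) for o in venues.values()) >= MIN_VENUES


def depeg_signal(prices, exposure, now):
    """prices: stable -> venue -> [(ts, price)]; exposure: stable -> share of TVL."""
    depegged = {s for s, v in prices.items() if stable_depegged(v, now)}
    if len(depegged) >= CLUSTER_SUPPRESS:
        return {"fired": [], "suppressed": sorted(depegged)}
    fired = sorted(s for s in depegged if exposure.get(s, 0.0) >= MIN_EXPOSURE)
    return {"fired": fired, "suppressed": []}


def series(start, end, price, step=SAMPLE_S):
    """Constructed flat price series, one sample per `step` seconds."""
    return [(t, price) for t in range(start, end + 1, step)]


# Constructed scenario: USDC off peg on both venues, USDT on one venue only, DAI fine.
NOW = 1_800_000_000
PRICES = {
    "USDC": {"venueA": series(NOW - 3600, NOW, 0.97), "venueB": series(NOW - 3600, NOW, 0.975)},
    "USDT": {"venueA": series(NOW - 3600, NOW, 0.97), "venueB": series(NOW - 3600, NOW, 0.999)},
    "DAI": {"venueA": series(NOW - 3600, NOW, 1.001), "venueB": series(NOW - 3600, NOW, 0.999)},
}
EXPOSURE = {"USDC": 0.16, "USDT": 0.06, "DAI": 0.0}

# Constructed cluster scenario: all three stables off peg on both venues.
CLUSTER = {s: {v: series(NOW - 3600, NOW, 0.96) for v in ("venueA", "venueB")}
           for s in ("USDC", "USDT", "DAI")}

if __name__ == "__main__":
    print(depeg_signal(PRICES, EXPOSURE, NOW))
    print(depeg_signal(CLUSTER, EXPOSURE, NOW))
```

A ten-minute wick on a single venue never fires: the two-venue and full-window conditions are what separate a real depeg from thin-liquidity noise, and the cluster suppression keeps a market-wide event from being attributed to this protocol.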
Dev identity & insider risk Green 17 16 of 16
RD-F-117 red ENS/NameStone identity bound to deployer Neither deployer address (Comptroller: 0x5423819B3b5bb38b0E9E9e59F22f9034e2d8819b; sAVAX: 0xb5d72f3e80aC24A26A164ac86234e693195c7d8b) has an ENS or NameStone binding. Snowtrace shows no ENS resolution for either address. Architectural context: ENS is Ethereum mainnet; BENQI is 100% Avalanche C-Chain — an Avalanche-native deployer has no ENS equivalent by design. No Avalanche-native resolver equivalent (e.g. a .avax name system) found in use. Red per template literal (no ENS/NameStone binding), but this represents an architectural non-applicability for non-mainnet protocols rather than a high-risk insider signal. Residual risk from ENS absence is low given Avalanche-native context.
RD-F-112 yellow Team public accountability surface JD Gagnon has ≥4 verifiable public trails (LinkedIn employment history, on-camera YouTube appearances x3, podcast host, IQ.wiki, press). Hannu Kuusi has ≥2 trails (LinkedIn with issuer-verifiable SAFe credential, press coverage). Alexander Szul has 1–2 trails (press coverage only). Average across named core co-founders is approximately 2.3 trails per member, placing the aggregate at yellow band (1–2 trails per core member). Green threshold would require ≥3 verifiable trails per core member consistently — not met for Kuusi and Szul.
RD-F-119 yellow Commit timezone consistent with stated geography GitHub repo has only 8 total commits (last: 2023-01-11); commit-hour histogram is not statistically meaningful for timezone-anomaly detection. Team states Canada (JD Gagnon: Alberta/Fort Lauderdale, UTC-4 to UTC-7), Finland (Hannu Kuusi: Helsinki, UTC+3), and Singapore (Kuusi current, UTC+8) as geographies. DPRK-alert timezone would be UTC+9 concentrated commits. With 8 commits and a multi-timezone team, no anomalous clustering is detectable. No red DPRK timezone signal found; assessment is yellow due to insufficient data volume rather than any positive anomaly signal.
RD-F-121 yellow Contributor OSINT depth score JD Gagnon OSINT depth score: 4/5 — LinkedIn with employment history, CFP designation, University of Alberta, on-camera YouTube x3, podcast host ('Go Fund Yourself'), IQ.wiki bio, press coverage. Hannu Kuusi OSINT depth score: 3/5 — LinkedIn with SAFe 4 Certified Agilist (issuer-verifiable credential), 20+ yr ICT background, press coverage, Singapore/Helsinki geography. Alexander Szul OSINT depth score: 2/5 — press coverage only, no independent LinkedIn retrieved. Average across three co-founders: ~3/5, placing in yellow band (2–3). Green threshold (average ≥4) not met at aggregate level.
RD-F-123 yellow Sudden admin-rescue/ACL change without discussion BENQI has no on-chain Governor and no dedicated governance forum (no Snapshot space, no Tally, no forum URL found as of 2026-05-16; cache governance.type: 'unknown'). Parameter changes are executed via team multisig per docs (docs.benqi.fi/resources/risks). Medium blog serves as the primary announcement channel. GitHub issues contain zero admin/ACL-change discussions (3 open issues are user-support only). Chaos Labs parameter-recommendation dashboards provide risk suggestions but are not a pre-execution public discussion venue. The structural absence of a ≥24h public pre-execution discussion mechanism for any admin or ACL change meets the yellow criterion for F123: multisig discretion without a formal public proposal process. No specific undisclosed admin-rescue event was identified during the assessment window, but the process gap is structural.
RD-F-122 gray Contributor paid to DPRK-cluster wallet No contributor payment wallet addresses are publicly published by BENQI. Paid Chainalysis/TRM contributor-payment mapping not available. Protocol uses Safe multisig for operations (Comptroller deployer shows Safe Exec Transaction pattern on Snowtrace); however, no contributor compensation outflow addresses could be identified from public Snowtrace tx data. Full 3-hop contributor-payment DPRK proximity analysis requires paid CTI feed or curator-driven manual tracing of known team wallet addresses.
RD-F-184 gray Real-capital social-engineering persona F184 (batch-24, Cat 7) assesses whether a curator-flagged 'team contributor' or 'external integrator' persona has ≥$1M of attributed real-capital deposits used to build credibility ahead of a social-engineering attack. No such persona has been curator-flagged for BENQI as of 2026-05-16. BENQI has operated ~57 months with a clean incident record (no rekt.news entry, no hacksdatabase entry). The protocol's publicly doxxed founding team (JD Gagnon, Hannu Kuusi, Alexander Szul) reduces but does not eliminate this risk vector. Drift comparator: no comparable insider-persona incident reported for BENQI or its Compound V2 fork calibration peers. Assessment requires active curator monitoring of contributor/integrator wallet flows — not completable via static OSINT alone.
RD-F-111 green Team doxx status Three co-founders (JD Gagnon, Hannu Kuusi, Alexander Szul) are real-name with verifiable prior professional history. JD Gagnon: LinkedIn with employment history (financial consultant, CFP designation from FP Canada, University of Alberta, founder of Scotch & Ramen Media), on-camera YouTube interviews (2021, 2022, 2023), IQ.wiki bio. Hannu Kuusi: LinkedIn with SAFe 4 Certified Agilist credential (Scaled Agile Inc., credential ID 57814129-7317), 20+ yr ICT background per public bio. Alexander Szul: named co-founder in newsbtc 2021 press coverage. Green threshold (≥2 core members real-name with verifiable prior professional history) is clearly met.
RD-F-113 green Team other-protocol involvement history No prior rug or exit-scam protocol found for any named team member. JD Gagnon's pre-BENQI history: financial consultant at Investors Group (2008–2014), founder of Scotch & Ramen Media (2017–2019), Velox trading platform — none flagged as rug. Rome Blockchain Labs launched BENQI as its debut protocol; also operates Rome Terminal (trading terminal, no rug history). No BENQI entry in rekt.news or hacksdatabase (orchestrator-confirmed grep). ~57 months live without incident. Prior history is neutral-to-positive.
RD-F-114 green Deployer address prior on-chain history Comptroller deployer 0x5423819B3b5bb38b0E9E9e59F22f9034e2d8819b: 685 txs on Snowtrace, ~5 years old, primarily Safe multisig Exec/Confirm Transaction calls for BENQI contracts; no Chainalysis rug-deployer label found publicly. sAVAX deployer 0xb5d72f3e80aC24A26A164ac86234e693195c7d8b: 19 txs, ~4 years old, all BENQI StakedAvax admin calls; funded by Coinbase 7. Neither address linked to prior rug via publicly available data. Both exhibit normal institutional-dev-history pattern consistent with a funded startup.
RD-F-115 green Prior rug/exit-scam affiliation No rug or exit-scam affiliation found for any named team member via OSINT. rekt.news search returned no BENQI entry. hacksdatabase grep (orchestrator-confirmed) shows zero BENQI entries. Rome Blockchain Labs was incorporated as a software development and incubation firm; BENQI is its primary protocol. No prior crypto project with exit-scam outcome found for Gagnon, Kuusi, or Szul in available public sources.
RD-F-116 green Contributor tenure at admin-permissioned PR GitHub repo github.com/Benqi-fi/BENQI-Smart-Contracts has only 8 commits total; last commit 2023-01-11 per data cache. No ACL-change or admin-change PRs found in the 3 open issues (all user-support questions from Sep 2021, Oct 2024, Mar 2025). The repo is effectively frozen since early 2023. For the active period, the co-founding team (long-tenure contributors) would be the only committers, placing contributor tenure well above the 180-day green threshold. Confidence is low given repo staleness — deployed contracts may have drifted from the public repo (F139 question for code-security-analyst).
RD-F-118 green Handle reuse across failed/rugged projects @BenqiFinance Twitter/X handle confirmed active since 2021 with consistent BENQI identity; Discord invite confirmed. OSINT search found no handle reuse with a prior rugged or failed project. JD Gagnon's professional identity is consistent across LinkedIn, YouTube, podcast, and X. No Wayback Machine evidence of prior alias or reuse found.
RD-F-120 green Video-off/voice-consistency flag JD Gagnon confirmed on-camera in multiple YouTube appearances with consistent identity: (1) Token Terminal BENQI interview (Nov 2022); (2) 'IN THE CLOB' Ignite episode with Devin Bandara (Apr 2023, on-camera); (3) Market Meditations #94 (Oct 2021). Additionally appeared on MSV Podcast (Aug 2022). Green threshold of ≥2 recent public on-camera appearances is clearly met. No video-off flag; identity is consistent across appearances.
RD-F-124 green Deployer wallet mixer-funded within 30 days Comptroller deployer 0x5423819B3b5bb38b0E9E9e59F22f9034e2d8819b: Snowtrace shows first activity ~5 years ago (pre-dating BENQI 2021-08-19 deploy by several months); no Tornado Cash or Railgun withdrawal address found in publicly accessible tx history within 30-day pre-deploy window or any other period. Address exhibits Safe multisig operator pattern (Exec Transaction, Confirm Transaction calls). sAVAX deployer 0xb5d72f3e80aC24A26A164ac86234e693195c7d8b: Snowtrace confirms first funding from Coinbase 7 (0xE1A0DDeb9b5b55E489977b438764e60e314E917c), a U.S.-regulated exchange hot wallet — CEX-sourced funding is clean. Paid Chainalysis/TRM CTI not available; evidence-of-absence at available data resolution. No web intelligence, rekt.news, or DPRK report identifies BENQI deployers as mixer-sourced.
RD-F-125 green Deployer linked within 3 hops to DPRK/Lazarus No OFAC SDN designation found for either deployer address (0x5423819B3b5bb38b0E9E9e59F22f9034e2d8819b or 0xb5d72f3e80aC24A26A164ac86234e693195c7d8b) or any Rome Blockchain Labs principal. No published Chainalysis, TRM, Elliptic, or U.S. Treasury intelligence connects BENQI deployers to DPRK/Lazarus cluster. sAVAX deployer is funded by Coinbase 7 (U.S.-regulated exchange) — the 2-hop path from Coinbase 7 does not lead toward DPRK cluster by construction. Team geography (Canada/US/Finland/Singapore) is inconsistent with DPRK-attributed developer clusters. DPRK-related Avalanche Bridge laundering reports (cryptoleaks.info) do not name BENQI. BENQI partnered with Chainalysis for incident response (X post Nov 2023) — inconsistent with DPRK affiliation. Paid 3-hop graph CTI unavailable; confidence noted as medium. No positive proximity evidence found.
Fork / dependency lineage Yellow 20 10 of 10
RD-F-127 yellow Upstream patch not merged Compound V2 upstream (compound-finance/compound-protocol) has no formal published GitHub security advisories as of 2026-05-16. However, the donation/empty-market vulnerability class is a well-documented attack affecting Compound V2 forks: Hundred Finance (April 2023), Sonne Finance (May 2024) and Onyx Protocol were all exploited via a direct token transfer to a cToken, inflating its exchange rate while totalSupply was zero. The community-recommended mitigation is to seed markets (mint-and-burn initial cTokens) before enabling borrows. BENQI has operated 57 months without being exploited via this vector, suggesting either (a) markets were adequately seeded, or (b) attack-surface economics were unfavorable on Avalanche. No explicit documentation of BENQI's seeding practice or virtual-accounting fix was found in public sources. Yellow: the upstream vulnerability class exists and is unmitigated by a formal upstream patch; BENQI's mitigation status is unconfirmed from public sources.
RD-F-129 yellow Code divergence from upstream (%) BENQI lending directory contains 23 Solidity files vs Compound V2 core ~15 primary contracts. BENQI adds: multi-token reward distribution (QI + AVAX emissions added to Comptroller/QiToken), borrow caps (new parameter), Avalanche-specific collateral parameters, qisAVAX market integration, PauseGuardian.sol (additional contract). Estimated divergence: 25–40% from the Compound V2 fork point based on structural comparison. Isolated Markets (Moonwell-lineage) represent a further divergence. Yellow: 20–50% divergence territory.
RD-F-130 yellow Fork depth (generations from original audit) Core lending markets: fork depth 1 (direct fork of Compound V2 = audited protocol). BENQI Isolated Markets: fork depth 2 (derived from Moonwell, which is a fork of BENQI, which is a fork of Compound V2 — effectively 2 generations from the original audited Compound V2 codebase). Methodology: depth 2 = yellow. Scoring worst-case deployed component (Isolated Markets = depth 2).
RD-F-131 yellow Fork retains upstream audit coverage Core lending: Halborn May 2021 is a full fresh audit of the BENQI fork (not just relying on the Compound V2 upstream audit). sAVAX: Certora April 2022 is a full fresh formal verification. Isolated Markets: claimed 'dedicated 2024 audit coverage' (BENQI references Moonwell audit heritage) — no public PDF with commit SHA accessible. Classification for Isolated Markets = upstream+delta status uncertain (no verifiable evidence of a delta-coverage PDF). Yellow: adequate coverage for core lending/sAVAX; coverage gap for the Isolated Markets delta.
RD-F-133 yellow Dependency manifest uses unpinned versions Public BENQI-Smart-Contracts repo has no package.json or foundry.toml in the lending directory (only Solidity .sol files — no manifest file found). sAVAX directory: no package.json found in the public repo. Dedaub Ignite audit flagged a floating pragma ('^0.8.0' or 'Solidity 0.8.0 or higher') as an advisory issue in the Ignite contracts (private repo). Without a lockfile or pinned manifest, it cannot be confirmed that OZ or other dependency versions are pinned. Yellow: floating pragma advisory identified in Ignite; no visible pinned manifests in core lending.
RD-F-135 yellow Shared-library version with known-vuln status Lending core uses Solidity 0.5.17 with a standalone SafeMath.sol (no OZ library dependency). sAVAX uses @openzeppelin/contracts-upgradeable (Solidity 0.6.12 era — OZ version ~3.x based on import style). No active high/critical GHSA advisory found for the OZ v3.x range as of 2026-05-16. However, the specific OZ version is not pinned in any visible manifest (no lockfile in the public repo), making exact version verification impossible. Yellow: library versions likely safe but not precisely verifiable due to the missing lockfile.
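To make the exchange-rate mechanics behind the donation/empty-market class in RD-F-127 concrete, here is an added Python model (not BENQI or Compound code) of Compound V2's exchangeRate arithmetic, the mint-and-burn seeding mitigation, and a review check that flags a market whose supply is too thin to absorb a donation. The 0.02 initial rate, the 1,000-token seed and the 1-token donation are constructed values; the decimal scaling is simplified so that cToken and underlying share one unit.

```python
"""Compound V2 exchange-rate model plus a market-seeding check (constructed example)."""
from dataclasses import dataclass

MANTISSA = 10**18
# Simplification: 1 underlying unit == 50 cToken units at listing (0.02 * 1e18).
# Real deployments also fold the cToken/underlying decimal gap into this mantissa.
INITIAL_EXCHANGE_RATE = 2 * 10**16


@dataclass
class Market:
    """Minimal state of one Compound V2 style market (qiToken/cToken)."""
    cash: int                # underlying.balanceOf(cToken), read live on-chain
    borrows: int = 0         # totalBorrows
    reserves: int = 0        # totalReserves
    total_supply: int = 0    # cToken totalSupply

    def exchange_rate(self) -> int:
        """Mirrors CToken.exchangeRateStoredInternal():
        (cash + borrows - reserves) * 1e18 / totalSupply, or the initial rate if supply is 0."""
        if self.total_supply == 0:
            return INITIAL_EXCHANGE_RATE
        return (self.cash + self.borrows - self.reserves) * MANTISSA // self.total_supply

    def mint(self, underlying_in: int) -> int:
        """Deposit underlying and receive cTokens at the current rate (mintFresh)."""
        minted = underlying_in * MANTISSA // self.exchange_rate()
        self.cash += underlying_in
        self.total_supply += minted
        return minted

    def donate(self, underlying_in: int) -> None:
        """Direct ERC-20 transfer into the cToken: cash rises, totalSupply does not.
        This is the lever the donation/empty-market class relies on."""
        self.cash += underlying_in


def seed_market(market: Market, seed_underlying: int) -> int:
    """Community mitigation: the deployer mints initial cTokens and burns them (sends them
    to a dead address) before borrows are enabled, so totalSupply can never be dust again.
    Returns the permanently locked cToken amount."""
    return market.mint(seed_underlying)  # locked cTokens stay counted in total_supply


def donation_inflation_factor(market: Market, donation: int) -> float:
    """Ratio exchange_rate(after donation) / exchange_rate(before), without mutating state."""
    before = market.exchange_rate()
    probe = Market(market.cash + donation, market.borrows, market.reserves, market.total_supply)
    return probe.exchange_rate() / before


def is_adequately_seeded(market: Market, max_donation: int, max_factor: float = 1.5) -> bool:
    """Review check: a donation of `max_donation` must not move the rate by more than
    `max_factor`. An empty market fails outright: its first minter sets the supply."""
    if market.total_supply == 0:
        return False
    return donation_inflation_factor(market, max_donation) <= max_factor


def compare_seeding(donation: int = 10**18, seed: int = 1000 * 10**18) -> dict:
    """Unseeded market with one dust mint versus a seeded market, same donation."""
    thin = Market(cash=0)
    thin.mint(1)                      # dust mint: 1 wei of underlying -> 50 cTokens
    seeded = Market(cash=0)
    seed_market(seeded, seed)
    return {
        "thin_factor": donation_inflation_factor(thin, donation),
        "seeded_factor": donation_inflation_factor(seeded, donation),
        "thin_ok": is_adequately_seeded(thin, donation),
        "seeded_ok": is_adequately_seeded(seeded, donation),
    }


if __name__ == "__main__":
    for key, value in compare_seeding().items():
        print(f"{key}: {value}")
```

The same check can be run against live values read from a market's getCash(), totalBorrows(), totalReserves() and totalSupply() to confirm whether a listed market was seeded before borrows were enabled.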
RD-F-126 green Is-a-fork-of BENQI Liquidity Market is a confirmed Compound V2 fork. Convergent evidence: (1) GitHub repo mirrors Compound V2 architecture exactly (Unitroller/Comptroller/qiToken = cToken rename); (2) pragma solidity 0.5.17 matches Compound V2 deployment era; (3) DefiLlama classifies benqi-lending as Compound-fork; (4) Moonwell documentation explicitly states 'Moonwell is a fork of Benqi, which is a fork of Compound v2'; (5) Snowtrace function signatures on Comptroller match Compound V2 exactly. sAVAX is original. BENQI Isolated Markets = Moonwell-lineage second-generation Compound V2 fork. Upstream clearly identified.
RD-F-128 green Upstream vulnerability disclosure (last 90d) No formal security advisory published by compound-finance/compound-protocol in the 90 days prior to 2026-05-16. GitHub advisory page shows no published advisories. The donation/empty-market class is a known historical pattern (not a new 90-day advisory). No new upstream disclosure discovered. Green: no active upstream disclosure in last 90 days.
RD-F-132 green Fork has different economic parameters than upstream BENQI adds borrow caps, multi-token QI/AVAX rewards, and Avalanche-specific collateral factors — all deviations from Compound V2 defaults. These parameter changes are covered by the Halborn 2021 audit (which audited the BENQI-specific additions to the Compound V2 base) and by ongoing Chaos Labs parameter management. Chaos Labs provides continuous parameter recommendations and has conducted a dedicated parameter audit. The delta from Compound V2 defaults is audited rather than unreviewed.
RD-F-134 green Dependency had malicious-release incident (last 90d) No known malicious-release advisory affecting OZ contracts-upgradeable in the relevant version ranges (0.6.x era or 0.8.x era) or the Solidity 0.5.17/0.6.12 compiler chains in the 90 days prior to 2026-05-16. GitHub OZ security advisory page has no active high/critical advisories for the relevant package versions. The lending core uses no npm dependencies (standalone SafeMath.sol). Green: no malicious-release advisory for used dependencies in 90-day window.
Post-deploy hygiene & change mgmt Yellow 48 13 of 13
RD-F-136 red Deployed bytecode matches signed release tag Public GitHub repo last committed 2023-01-11. No signed or unsigned git tags identified for core lending contracts. Isolated Markets and Ignite have separate audit scopes but no signed release tags in the main BENQI-Smart-Contracts repo. Deployed bytecode does not correspond to any verifiable signed release tag. Bytecode vs signed tag match cannot be confirmed.
RD-F-139 red Post-audit code changes without re-audit Halborn audited BENQI Liquidity Market in May 2021. Public repo last commit 2023-01-11 — meaning the repo was committed to for nearly 2 years post-audit without any corresponding re-audit of core lending contracts visible in the public audit record. Isolated Markets (~2024) and Ignite (Dedaub 2023, Cyfrin Dec 2024) received separate audits covering their own new modules but not the original Comptroller and qiToken codebase. No audit PDF with a current commit SHA matching the deployed core lending contracts is publicly documented. This represents material post-audit code changes (market listings, parameter updates, potential codebase changes) deployed without re-audit of core contracts over a 4-year period.
RD-F-145 red Deployed bytecode reproducibility No published build instructions for reproducing deployed bytecode from the public repo. Repo stale since 2023-01-11 with no declared solc version, optimizer settings, or build toolchain documentation. Bytecode reproducibility not achievable from available public artifacts. Production deployed bytecode cannot be reproduced by third parties.
RD-F-143 yellow Reinitializable implementation (no _disableInitializers) Ignite staking contract (Cyfrin 2025-01 audit scope — zeeve/contracts/staking.sol) calls _disableInitializers() in its constructor — green for this component. QiErc20Delegate (Compound V2 lending implementation): uses becomeImplementation() pattern not OZ initializer — _disableInitializers() applicability differs but reinit risk from direct implementation call exists in principle. StakedAvax deployed ~2022 predates OZ 4.x _disableInitializers() standard; Certora formal verification (April 2022) confirmed core logic but constructor protection not confirmed. Scored yellow: newer module protected; core older components uncertain.
RD-F-137 n/a Upgrade frequency (per 90 days) Compound V2 qiToken markets are non-upgradeable via proxy. Ignite and StakedAvax are upgradeable. No upgrade event enumeration performed for the 90-day window. Upgrade frequency cannot be quantified without on-chain event log access.
RD-F-138 gray Hot-patch deploys without timelock (last 30 days) No timelock exists across BENQI's protocol. Every admin parameter change is by definition a hot-patch without timelock. However, this factor specifically counts new contract deploys that bypassed a declared timelock in the last 30 days. With no timelock declared, no upgrades are tracked in a timelock queue. No new contract deploy events confirmed within 30 days. Assessed gray: timelock absence already captured in F032/F033; this factor's bypass-counting mechanics are not assessable without a timelock baseline.
RD-F-140 n/a Fix-merged-but-not-deployed gap No merged security-fix PRs identifiable in the public repo (frozen since 2023-01-11). No known open fix gaps from public advisories for core lending contracts. Cannot confirm clean state because repo is stale and production code may differ from last public commit.
RD-F-142 n/a Storage-layout collision risk across upgrades Compound V2 qiToken markets use delegatecall-to-implementation but implementations are not upgradeable in OZ proxy sense — no storage-layout collision risk from upgrades on core markets. Ignite and StakedAvax are upgradeable proxies. OZ upgrades plugin check was not run within assessment window.
RD-F-168 n/a Stale-approval exposure on deprecated router qiBUSD and other potentially deprecated or low-activity BENQI markets may have stale ERC-20 approvals from users. Active approval count to deprecated qiToken contracts requires on-chain allowance scan (Approval event log enumeration) which was not performed within the assessment window.
RD-F-185 n/a Bridge rate-limiter / chain-pause as positive mitigant BENQI has no bridge component. Single-chain Avalanche C-Chain deployment only. No cross-chain bridge surface. Bridge rate-limiter and chain-pause mitigant are not applicable by architecture.
RD-F-141 green Test-mode parameters in deploy Protocol operational for 4+ years with $277M TVL. No test-mode indicators visible: deployer is not the admin, oracle addresses are live Chainlink feeds, all markets operational. Cyfrin Ignite audit flagged FEE_RECIPIENT placeholder — marked as resolved before production deployment. No test-mode params confirmed in production.
RD-F-144 green CREATE2 factory permits same-address redeploy No CREATE2 factory pattern identified in BENQI public contracts. Standard direct deployment pattern used for Compound V2 fork. No same-address redeploy risk.
RD-F-146 green New contract deploys in last 30 days No new core contract deploys confirmed within last 30 days from available sources. Protocol core markets are in operational maintenance mode. No evidence of large new deploy surface from Snowtrace or docs in the trailing 30-day window.
Cross-chain & bridge Gray 0 12 of 12
RD-F-147 n/a Protocol has bridge surface BENQI is deployed exclusively on Avalanche C-Chain with no cross-chain bridge, no LayerZero, no CCIP, no Wormhole. Profile §7: 'Bridges / cross-chain endpoints: None.' Cache layerzero.present=false. has_bridge_surface=false, is_a_bridge=false.
RD-F-148 n/a Bridge validator count (M) No bridge surface. Single-chain Avalanche C-Chain deployment. Cat 10 entirely N/A.
RD-F-149 n/a Bridge validator threshold (k-of-M) No bridge surface. Single-chain Avalanche C-Chain deployment. Cat 10 entirely N/A.
RD-F-150 n/a Bridge validator co-hosting No bridge surface. Single-chain Avalanche C-Chain deployment. Cat 10 entirely N/A.
RD-F-151 n/a Bridge ecrecover checks result ≠ address(0) [★ CRITICAL — not_applicable] No bridge surface. Single-chain Avalanche C-Chain deployment. The ecrecover bridge verification pattern (Wormhole class) structurally cannot apply without a bridge. has_bridge_surface=false, is_a_bridge=false.
RD-F-152 n/a Bridge binds message to srcChainId No bridge surface. Single-chain Avalanche C-Chain deployment. Cat 10 entirely N/A.
RD-F-153 n/a Bridge tracks nonce-consumed mapping No bridge surface. Single-chain Avalanche C-Chain deployment. Cat 10 entirely N/A.
RD-F-154 n/a Default bytes32(0) acceptable as valid root [★ CRITICAL — not_applicable] No bridge surface. Single-chain Avalanche C-Chain deployment. The default-value Merkle root acceptance pattern (Nomad $190M class) structurally cannot apply without a bridge inbox. has_bridge_surface=false, is_a_bridge=false.
RD-F-155 n/a Bridge validator-set rotation recency No bridge surface. Single-chain Avalanche C-Chain deployment. Cat 10 entirely N/A.
RD-F-156 n/a Bridge uses same key custody for >30% validators No bridge surface. Single-chain Avalanche C-Chain deployment. Cat 10 entirely N/A.
RD-F-157 n/a Bridge TVL per validator ratio No bridge surface. Single-chain Avalanche C-Chain deployment. Cat 10 entirely N/A.
RD-F-179 n/a LayerZero OFT DVN config (count, threshold, diversity) No LayerZero OFT integration. BENQI is single-chain Avalanche C-Chain. Cache layerzero.present=false. F179 is the LayerZero DVN configuration factor — structurally not applicable without LayerZero integration.
Threat intelligence & recon Yellow 22 8 of 8
RD-F-158 yellow Known-threat-actor cluster has touched protocol Known-threat-actor wallet proximity signal (v1 phase 2, tier-C advisory). No confirmed DPRK/Lazarus wallet touch on BENQI contracts in public on-chain data as of 2026-05-16. However: (1) Lazarus Group used Avalanche C-Chain as a laundering route in the Atomic Wallet 2023 hack — WETH bridged to Avalanche, swapped to WBTC, bridged to Bitcoin (TRM Labs Bybit hack report documents Avalanche as a documented DPRK money-flow route); (2) BENQI is the dominant Avalanche DeFi lending and LST venue, making it a natural reconnaissance target within the observed operational theatre; (3) Kelp DAO April 2026 ($292M) attributed to Lazarus — consistent Lazarus targeting of DeFi lending/bridge protocols; (4) per methodology U4 instruction: any DPRK venue-use → F158 yellow (Cat 11), not team contamination. BENQI has Chainalysis CIR partnership (Nov 2023) providing team-side access to threat-actor monitoring; dashboard does not yet have equivalent licensed feed access for independent confirmation. Definit
RD-F-161 yellow Protocol-impersonator domain registered (typosquat) Typosquat monitoring: `bnqi.fi` was registered 2026-03-11 — 66 days before assessment date 2026-05-16, which is within the 90-day window. PhishDestroy confirmed phishing classification (risk score 80/100): domain mimics Benqi and also impersonates the Across protocol. Listed on three public security blocklists: MetaMask, PhishDestroy, and SEAL. VirusTotal 1/1 vendor detection. Hosted on Cloudflare CDN (IP 104.21.19.12). Registrar: Immaterialism Ltd (UK). Domain is currently offline (HTTP 403 Forbidden) but within the active 90-day monitoring window. Additionally, b-enqi.fi appears in web search results as a BENQI-positioned site (returned HTTP 403 on direct fetch; registration date not confirmed in public data — insufficient to count separately without blocklist confirmation). The 90-day window is defined as a curator call per taxonomy; at 66 days bnqi.fi is within the window and carries three blocklist confirmations.
RD-F-159 gray Attacker wallet pre-strike probe (low-gas failing txs) Mempool probe monitoring requires licensed TI feed (Chainalysis/TRM cluster list) + Avalanche C-Chain mempool access — not implemented in dashboard pipeline. No failing low-gas tx pattern from threat-actor labeled wallets observed on BENQI contracts in public data. BENQI has Chainalysis CIR partnership (Nov 2023) providing team-side access; dashboard lacks equivalent feed. Pipeline not implemented.
RD-F-160 gray GitHub malicious-dependency incident touching protocol deps GitHub malicious-dependency monitoring applicable: BENQI-Smart-Contracts repo has npm dependencies. Repo last commit 2023-01-11; dependency pins from that date may not auto-update. No GitHub security advisory flagging a malicious dep in BENQI's dependency chain as of 2026-05-16. Requires GitHub advisory feed monitoring not yet implemented. Pipeline not implemented.
RD-F-162 gray Known-exploit-template selector deployed by any address Exploit-template selector-pattern deployment monitoring requires on-chain new-deploy sweep tooling not implemented for Avalanche C-Chain. Compound V2 exploit templates (oracle manipulation, reentrancy on liquidation, C2 cluster) are well-documented. No new contract deployment with BENQI-targeting exploit-template selector pattern identified in public data as of 2026-05-16. Pipeline not implemented.
RD-F-164 gray Leaked credential on paste/sentry site Leaked credential monitoring requires paid paste/credential-dump feed (Flare Systems, have-i-been-pwned enterprise, Sentry-alt monitoring) not available in this static assessment. No leaked credential matching BENQI infrastructure (benqi.fi, Discord, GitHub) found in public data. Requires licensed feed. Pipeline not implemented.
RD-F-165 gray Protocol social channel has scam-coordinator flag Telegram/Discord scam-coordinator flag requires curator social watchlist not yet maintained for BENQI. BENQI Discord (~9,800 members, discord.com/invite/jyPAjZjwk6) is an active channel for a top Avalanche DeFi protocol — scam-coordinator targeting is a real risk. No public incident of BENQI Discord admin compromise or scam-coordinator flag found. Requires curator social watchlist. Pipeline not implemented.
RD-F-163 green Avg attacker reconnaissance time for peer-class protocols Attacker wallet reconnaissance time benchmark (informational/comparative for BENQI's risk class): Compound-fork / lending-protocol class reconnaissance ranges from near-zero (flash-loan same-block oracle manipulation) to 78 days (USPD-style pre-strike pattern) in the hack database. Euler Finance had ~1 month pre-strike reconnaissance. Ronin-class = near-zero post-signer-change. BENQI has operated 57 months (~4.7 years) from 2021-08-19 with no documented protocol exploit — no in-sample reconnaissance activity has been identified on BENQI specifically. Rekt leaderboard: no entries. DefiLlama hacks: none. Hacksdatabase: no benqi entries (grep-confirmed). Chainalysis CIR partnership (Nov 2023) means team-side monitoring is active. This factor is informational posture; 57-month clean record is the strongest positive signal.
Tooling / compiler / AI Green 7 5 of 5
RD-F-174 yellow Dependency tree uses EOL Solidity version Core lending contracts use Solidity 0.5.17 (deployed 2021, last active patch release was 0.5.17 itself — the 0.5.x series reached its final release in mid-2020). sAVAX uses 0.6.12 (similarly in the legacy supported category; the 0.6.x series final release was 0.6.12). Both versions are no longer receiving active security patches and are in the legacy/EOL spectrum by 2026-05-16. No critical known compiler bug affects these contracts for their specific patterns (SafeMath-based 0.5.17, OZ-upgradeable 0.6.12). The contracts are non-upgradeable (lending) or proxy-upgradeable (sAVAX), so the EOL compiler risk is static. Ignite uses 0.8.x which is current. Yellow: legacy compiler versions (0.5.17, 0.6.12) in use for core contracts without forward-compatibility patch plan, though no critical bugs are known for the patterns used.
RD-F-170 green Solc version used (known-bug versions flagged) Three compiler versions confirmed across BENQI components: (1) Core lending (Comptroller, qiTokens, Unitroller): Solidity 0.5.17 — confirmed by Snowtrace verification metadata for Comptroller 0x486Af39519B4Dc9a7fCcd318217352830E8AD9b4, verified 2021-11-02; (2) sAVAX StakedAvax.sol: pragma solidity 0.6.12 (confirmed from GitHub source); (3) Ignite contracts: Solidity 0.8.0+ (Dedaub 2023 audit: 'Solidity 0.8.0 or higher'). Checked against solc known-bugs list: Solidity 0.5.17 has no critical bugs relevant to the Compound V2 lending pattern (overflow protection handled by SafeMath.sol; no critical optimizer bugs for this contract type). 0.6.12 similarly stable. 0.8.x is modern. Green: no version on known-bug list with critical bugs relevant to the contract types deployed.
RD-F-171 green Bytecode similarity to audited upstream with behavior deviation BENQI lending has high bytecode similarity to Compound V2 (confirmed fork). Key deviations from upstream are: multi-token reward distribution (QI + AVAX), borrow caps, Avalanche collateral factors — all functional additions, not state-mutation order reorderings consistent with AI-generated copy patterns. The BENQI codebase was developed in 2021, predating widespread AI code generation tools. No evidence of AI-pattern deviations (behavioral deviation in state-mutation ordering) found. Green: no significant behavioral deviation from audited upstream in state-mutation ordering.
RD-F-172 green Repo shows AI-tool co-authorship in critical files Public BENQI-Smart-Contracts repo has 8 commits on master, all from 2021–2023 — predating common AI-tool co-authorship metadata (GitHub Copilot co-authored-by trailers). No 'Co-authored-by: GitHub Copilot' or equivalent AI co-authorship trailers found in accessible commit history. Cyfrin 2025 Ignite audit was conducted on a private repo (commit history not publicly inspectable). Green: no AI co-authorship in security-critical files in the publicly accessible repository.
RD-F-173 green Team self-disclosure of AI-generated Solidity No public disclosure from BENQI team (Medium blog, Twitter/X @benqifinance, docs.benqi.fi, Discord) indicating AI-generated Solidity was used in security-critical contract paths. Protocol developed from 2021 onwards — predates LLM-assisted Solidity as a disclosed practice. OSINT search found no relevant disclosure statement. Green: no AI-generated Solidity disclosure.
Response & disclosure hygiene Green 8 4 of 4
RD-F-176 yellow Disclosure SLA public BENQI does not publish a specific acknowledgment-time SLA. docs.benqi.fi/resources/risks reviewed — no SLA timeframe stated. Immunefi program description does not state a BENQI-specific ack SLA. Immunefi platform provides implicit response-time norms under its standard terms (projects are expected to respond within standard business-day windows and whitehats can escalate to Immunefi mediation), but BENQI has not independently committed to an explicit <=72h acknowledgment window. Threshold: yellow = SLA stated but not tested or >72h (here: SLA not explicitly published by BENQI, channel exists, implicit Immunefi platform norms apply).
RD-F-175 green Disclosure channel exists Active Immunefi bug bounty program at https://immunefi.com/bug-bounty/benqi/ with 38 in-scope assets, $500K maximum payout, running since approximately August 2021 (concurrent with protocol launch). Program scope covers core lending markets (qiBUSD, qiUSDC, qiETH, qiLINK, qisAVAX), QI token, QiTokenSaleDistributorProxy, and ecosystem market contracts. Continued maintenance of 38 in-scope assets (including newer ecosystem contracts) is consistent with active operation. Chainalysis CIR partnership (Nov 2023) further evidences operational security engagement. Threshold: green = public disclosure channel exists with evidence of active monitoring.
RD-F-177 green Prior known-ignored disclosure No prior incidents exist (F077 = 0), so no post-mortem could document an ignored disclosure. No security researcher public disclosures of unactioned BENQI reports found in OSINT (rekt.news, DefiLlama hacks, hacksdatabase). No evidence of BENQI ignoring a disclosed vulnerability. Threshold: green = no evidence of ignored disclosure.
RD-F-178 green CVE/GHSA advisory issued against protocol No CVE or GHSA advisory identified against BENQI or its codebase. OSINT searches for 'BENQI GHSA CVE advisory vulnerability' returned no relevant entries. GitHub advisory database search for BENQI-fi/BENQI-Smart-Contracts found no GHSA entries. The Dedaub Ignite audit (Mar 2023) disclosed a HIGH severity finding (missing data-structure update in _deleteRegistration, marked resolved) and a MEDIUM (missing oracle staleness checks, marked resolved) — these were disclosed via the audit PDF, not filed as formal GHSA/CVE advisories. All known findings were remediated through the audit process. Threshold: green = no advisory or all advisories patched.
rubric_version v1.7.0 graded_at 2026-05-16 12:12:00 factors 184 protocol benqi