★ Audit scope mismatch

BENQI's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Ten audit engagements across 7 firms confirmed. Core lending (Halborn May 2021) and sAVAX (Certora April 2022, Halborn Nov 2021–Feb 2022) have audit PDFs with scoped contracts. Dedaub March 2023 audited Ignite at commit 498242b800b07230e81cacb6932c217ba3d07d05. Cyfrin Jan 2025 audited Ignite v2 (Ignite.sol, IgniteStorage.sol, staking.sol, ValidatorRewarder.sol). Zellic audited oracle contract. However: (a) public BENQI-Smart-Contracts repo frozen at 2023-01-11; (b) Isolated Markets (launched 2024, Comptroller 0xfc8C7271BdC3816D7AB1fc802216bad387692Ce1) rely on unverifiable 'dedicated 2024 audit' claim with no public PDF or commit SHA; (c) no deployed-bytecode vs audit-commit-SHA diff possible for Isolated Markets or post-2021 Comptroller changes. Material traceability gap for the Isolated Markets delta disqualifies a green despite extensive overall audit coverage.

Sources #

Audit
BENQI Smart Contract Security Audit — Halborn v1.1Halborn BENQI Liquidity Market smart contract audit, May 2021retrieved 2026-05-16
Audit
Cyfrin CodeHawks — BENQI Ignite Audit 2025Cyfrin competitive audit of BENQI Ignite v2 (Ignite.sol, IgniteStorage.sol, staking.sol, ValidatorRewarder.sol), Jan 13–27 2025retrieved 2026-05-16
GitHub
BENQI-Smart-Contracts GitHub (stale since 2023-01-11)Public BENQI-Smart-Contracts repo, last commit 2023-01-11; no Isolated Markets code; separate private repo not accessibleretrieved 2026-05-16
Docs
BENQI Isolated Markets ContractsIsolated Markets Comptroller address 0xfc8C7271BdC3816D7AB1fc802216bad387692Ce1 — no public audit PDF with commit SHA foundretrieved 2026-05-16
Audit
Certora Formal Verification — BENQI StakedAvaxCertora formal verification of StakedAvax.sol, April 2022retrieved 2026-05-16
Audit
Dedaub — BENQI Ignite Audit ReportDedaub BENQI Ignite audit, commit 498242b800b07230e81cacb6932c217ba3d07d05, March 2023retrieved 2026-05-16

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol benqi factor RD-F-001 score yellow collected_at 2026-05-16 11:02:12