Divide-before-multiply pattern

BENQI's assessment for RD-F-016 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Compound V2 uses Exponential.sol fixed-point math (scale factor 1e18) which reduces divide-before-multiply risk. The Cyfrin Ignite 2025 audit found precision loss in QI fee calculations (remediated). Cannot confirm absence of divide-before-multiply in all lending arithmetic paths without Slither tool run on deployed source. Yellow: precision issue found and fixed in Ignite component; core lending not tool-verified.

Sources #

GitHub
ExponentialNoError.sol — BENQIExponentialNoError.sol — Compound V2 WAD-based fixed-point mathretrieved 2026-05-16
URL
BENQI Security Article — Cyfrin precision findingCyfrin precision loss finding in QI fee calculations, remediatedretrieved 2026-05-16

Methodology #

Determine whether Slither's `divide-before-multiply` detector fires on the deployed verified source.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol benqi factor RD-F-016 score yellow collected_at 2026-05-16 11:02:12