GitHub malicious-dependency incident touching protocol deps

BENQI's assessment for RD-F-160 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

GitHub malicious-dependency monitoring applicable: BENQI-Smart-Contracts repo has npm dependencies. Repo last commit 2023-01-11; dependency pins from that date may not auto-update. No GitHub security advisory flagging a malicious dep in BENQI's dependency chain as of 2026-05-16. Requires GitHub advisory feed monitoring not yet implemented. Pipeline not implemented.

Sources #

GitHub
BENQI public GitHub repo — last commit 2023-01-11https://github.com/Benqi-fi/BENQI-Smart-Contractsretrieved 2026-05-16

Methodology #

Determine whether a security advisory flags a malicious release in a dependency consumed by this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol benqi factor RD-F-160 score gray collected_at 2026-05-16 11:02:12