Reentrancy guard on external-calling functions
Chainlink CCIP's assessment for RD-F-014 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
OffRamp.sol performs external calls to token pools and receiver contracts. Source review did not confirm `nonReentrant` on the primary message execution path. The checks-effects-interactions (CEI) pattern and immutable pool references provide structural mitigation, but they cannot substitute for confirmed reentrancy guard presence without a Slither tool run.
Sources
- GitHub: OffRamp.sol source (Nov-2024 audit scope). OffRamp.sol — external calls to token pools and receiver; no `nonReentrant` observed but not confirmed absent. Retrieved 2026-05-16.
Methodology
Determine whether all state-mutating functions that perform external calls carry `nonReentrant` or an equivalent reentrancy guard.
rubric_version: v1.7.0, protocol: chainlink-ccip, factor: RD-F-014, score: gray, collected_at: 2026-05-16 01:55:09