defirisk.co
rubric v1.7.0

Flash loan >$10M targeting protocol tokens

Chainlink CCIP's assessment for RD-F-100 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

CCIP has no borrow market, no AMM liquidity pool, and no flash-loan vulnerability surface. CCIP's OCR consensus mechanism cannot be manipulated via flash loans — flash loans require within-transaction state changes that interact with a single contract's accounting; CCIP's message validation requires cross-DON quorum consensus across off-chain nodes, which is immune to flash-loan timing. No LINK token flash-loan governance vulnerability applies (LINK holders have no on-chain CCIP governance votes). Structurally not applicable.

Sources #

  • Internal
    Chainlink CCIP profile — governance topology section.research/protocols/chainlink-ccip/00-profile.md §6 — governance model: corporate multisig, no DAO, no LINK-holder flash-loan governance attack surfaceretrieved 2026-05-16

Methodology #

Detect whether a flash loan >$10M denominated in protocol tokens or LP tokens has originated, likely to interact with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol chainlink-ccip factor RD-F-100 score not_applicable collected_at 2026-05-16 01:55:09