Reentrancy guard on external-calling functions

Save (formerly Solend)'s assessment for RD-F-014 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Solana's runtime prevents true EVM-style reentrancy. Flash-loan access control was specifically addressed in commit 4c2d5c1 (Sept 2021, in Kudelski audit scope). No reentrancy vulnerability confirmed in deployed code.

Sources #

Commit
Flash loan access control fixFlash loan access control commit 4c2d5c1retrieved 2026-05-17
Audit
Solend Audit v1.0 — Kudelski SecurityKudelski v1.0 covers flash-loan security in scoperetrieved 2026-05-17

Methodology #

Determine whether all state-mutating functions that perform external calls carry `nonReentrant` or an equivalent reentrancy guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-014 score green collected_at 2026-05-17 15:20:15