defirisk.co
rubric v1.7.0

Reentrancy guard on external-calling functions

Assessment of Sky Lending (formerly MakerDAO) for RD-F-014, scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

The MCD architecture uses the checks-effects-interactions pattern. Vat `frob()` commits state to the internal ledger before any ERC-20 token transfers (via the GemJoin pattern). There are no reentrancy findings in the ToB/PeckShield audits. The Sherlock #47 reentrancy finding was excluded as invalid.

Sources

  • URL
    https://github.com/makerdao/mcd-security/blob/master/Audit%20Reports/TOB_MakerDAO_Final_Report.pdf (retrieved 2026-04-27)
  • URL
    https://docs.makerdao.com/smart-contract-modules/core-module/vat-detailed-documentation (retrieved 2026-04-27)

Methodology

Determine whether all state-mutating functions that perform external calls carry `nonReentrant` or an equivalent reentrancy guard.

rubric_version: v1.7.0
protocol: sky-lending
factor: RD-F-014
score: green
collected_at: 2026-04-28 00:43:18