Reentrancy guard on external-calling functions

Veda (BoringVault)'s assessment for RD-F-014 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No published Slither reentrancy detector output is available. A-4 and A-8 audited the Teller and Accountant contracts with no high/critical findings. The enter()/exit() user-facing functions use requiresAuth. Without published tool output, the factor cannot be definitively assessed. Marked yellow ([?] confidence) rather than gray because the audit coverage provides partial assurance.

Sources #

Audit
Seven Seas A-4 — Teller and BoringVault scopeA-4 covered Teller and BoringVault with no high/critical findings (implicit reentrancy coverage)retrieved 2026-05-17
GitHub
BoringVault.sol — enter/exit functionsBoringVault.sol enter()/exit() — requiresAuth gatedretrieved 2026-05-17

Methodology #

Determine whether all state-mutating functions that perform external calls carry `nonReentrant` or an equivalent reentrancy guard.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-014 score yellow collected_at 2026-05-17 12:41:22