TL;DR — BENQI has one of the most comprehensive public audit records in Avalanche DeFi: 9+ independent assessments across Halborn, Certora (formal verification), Dedaub, Cyfrin, Zellic, and Chaos Labs — covering every major product component. But audits alone don't tell the full story. This post breaks down the complete security stack, including the risks that no audit can eliminate.
Why Protocol Security Is Layered, Not Binary
Security in DeFi isn't a checkbox. A protocol isn't "audited = safe" — it exists on a spectrum defined by:
- Audit breadth — how many components have been reviewed, and by whom
- Methodology depth — traditional audit vs. formal verification vs. penetration testing
- Operational safeguards — multisig governance, MPC infrastructure, emergency functions
- Risk transparency — how honestly the team communicates residual exposure
BENQI, Avalanche's #1 DeFi protocol by TVL, covers all four. Let's go layer by layer.
📋 The Full Audit Timeline
Every major product component has its own audit history. Here's the complete record, sourced from docs.benqi.fi/resources/risks.
Layer 1 — BENQI Liquidity Market
| Audit | Firm | Date | Scope |
|---|---|---|---|
| Smart Contract Audit | Halborn | May 2021 | Core lending & borrowing contracts |
| Web App Pentest | Halborn | March 2022 | Front-end, backend API, CORS/security headers |
About Halborn: An elite blockchain cybersecurity firm that has completed 2,500+ engagements and claims to protect over $1 trillion in value. Clients include Coinbase and Ava Labs. Their engagement with BENQI includes an ongoing retainer — not just a one-time review. Every new feature deployment requires Halborn's approval before release.
"As security and safety is a continuous effort, Halborn will conduct ongoing auditing and penetration testing of the protocol, where all future deployments of additional features will have Halborn's stamp of approval."
— BENQI announcement, July 2021
Layer 2 — BENQI Liquid Staking & sAVAX
| Audit | Firm | Date | Scope |
|---|---|---|---|
| Smart Contract Audit | Halborn | Nov 2021 – Feb 2022 | sAVAX minting, P-Chain delegation, reward accounting |
| Formal Verification | Certora | April 2022 | sAVAX contract invariants (mathematical proof) |
| Formal Verification + Listing Audit | Certora | June 2022 | sAVAX integration on Aave v3 |
What makes Certora different?
Traditional audits are expert code reviews — skilled humans read the code and reason about what could go wrong. Formal verification is fundamentally different:
Traditional Audit
─────────────────
Human reads code
↓
Reasons about edge cases
↓
Tests sample inputs/paths
↓
Reports findings
Formal Verification (Certora Prover)
─────────────────────────────────────
Developer writes invariant specs
↓
Prover checks ALL possible states mathematically
↓
Either proves invariant holds universally
↓
Or produces a counterexample that violates it
For sAVAX specifically, formal verification can prove properties like:
- The sAVAX/AVAX exchange rate can only increase or stay constant — across every possible execution path, not just tested ones
- No operation reduces total staked AVAX without a corresponding sAVAX burn — mathematically, not probabilistically
This is a significantly stronger guarantee than traditional testing. The fact that BENQI pursued Certora verification for its most critical token (sAVAX) signals a genuine commitment to mathematical security.
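To make the contrast concrete, here is an added example (not BENQI's contracts and not Certora's tooling) that checks the two properties above on every reachable transition of a small share-vault model, and returns a counterexample trace when a rounding bug is switched on. It uses bounded exhaustive search, which is far weaker than a prover but has the same outcome shape: the invariant holds for all explored states, or a concrete violating path is produced. The vault model, the bounds and the `round_up_redeem` switch are assumptions made for illustration.

```python
from collections import deque

CAP = 12               # bound on pooled AVAX so the state space is finite
AMOUNTS = range(1, 5)  # amounts tried for every operation

def step(state, op, amt, round_up_redeem):
    """Apply one operation to (assets, shares); None means it reverts."""
    assets, shares = state
    if op == "deposit":  # mint shares at the current rate, rounded down
        minted = amt if shares == 0 else amt * shares // assets
        return (assets + amt, shares + minted)
    if op == "accrue":   # staking rewards arrive; no shares are minted
        return (assets + amt, shares) if shares > 0 else None
    if amt > shares:     # op == "redeem": cannot burn more than exists
        return None
    owed = amt * assets  # round_up_redeem models a hypothetical rounding bug
    paid = -(-owed // shares) if round_up_redeem else owed // shares
    return (assets - paid, shares - amt)

def violates(prev, nxt):
    """Name the invariant a single transition breaks, or return None."""
    (a0, s0), (a1, s1) = prev, nxt
    if a1 < a0 and s1 >= s0:
        return "assets fell without a burn"
    if s0 > 0 and s1 > 0 and a1 * s0 < a0 * s1:  # a1/s1 < a0/s0
        return "exchange rate decreased"
    return None

def find_counterexample(round_up_redeem=False):
    """Breadth-first search over every state reachable within the bounds."""
    paths, queue = {(0, 0): []}, deque([(0, 0)])  # state -> ops reaching it
    while queue:
        state = queue.popleft()
        for op in ("deposit", "accrue", "redeem"):
            for amt in AMOUNTS:
                nxt = step(state, op, amt, round_up_redeem)
                if nxt is None or nxt[0] > CAP:
                    continue
                path = paths[state] + [(op, amt, nxt)]
                reason = violates(state, nxt)
                if reason:
                    return reason, path  # shortest violating trace
                if nxt not in paths:
                    paths[nxt] = path
                    queue.append(nxt)
    return None  # both invariants hold on every explored transition

if __name__ == "__main__":
    for bug in (False, True):
        print("round_up_redeem =", bug, "->", find_counterexample(bug))
```

With the bug enabled, the trace shows why sampled tests can miss it: redemptions directly after deposits are exact, and the rate only drops once rewards have made it fractional.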
Layer 3 — Ignite (Validator Infrastructure)
| Audit | Firm | Date | Scope |
|---|---|---|---|
| Security Analysis | Dedaub | March 2023 | Initial Ignite contract architecture |
| Security Analysis | Cyfrin | December 2024 | Full Ignite pre-launch audit |
Cyfrin's BENQI engagement is publicly visible at github.com/Cyfrin/2025-01-benqi. The audit covered:
Cyfrin Scope (Dec 2024)
├── StakingContract.sol — QI staking, reward distribution
├── Ignite.sol — Validator registration logic
├── Price oracle integration — AVAX/QI valuation for fees
├── Fee calculation mechanics — PAYG weekly fee math
├── Payment token handling — AVAX, USDC, QI payment paths
└── Zeeve hosting integration — Third-party node provider interface
Notable findings addressed pre-launch included edge cases in oracle validation (inconsistent AVAX price checks vs. QI price checks) and precision loss in QI fee calculations. These were remediated before the October 2025 launch.
Layer 4 — Isolated Markets
| Audit | Firm | Date | Scope |
|---|---|---|---|
| Security Assessment | Moonwell/independent | August 2023 | Upstream Moonwell codebase (inherited by BENQI) |
| Code4rena Contest | Code4rena community | October 2023 | Public contest findings on Moonwell codebase |
| Isolated Markets Audit | Independent | 2024 | BENQI's isolated pool implementation |
Why Moonwell audits matter here: BENQI's isolated market architecture draws on code originally developed for Moonwell. Rather than hiding this codebase lineage, BENQI explicitly lists Moonwell's audit history in their documentation — allowing developers to trace the full security provenance of the inherited code.
Layer 5 — Oracle Infrastructure
| Audit | Firm | Date | Scope |
|---|---|---|---|
| Oracle Audit | Zellic | Undated | Price feed contracts |
| Dual Oracle Contract | Chaos Labs | May 2025 | Dual-source oracle logic |
Oracle manipulation has been the attack vector behind some of DeFi's largest exploits. BENQI addresses this with:
- Dual oracle architecture — two independent price sources for critical valuations
- Dedicated oracle audits — separate from general contract audits
- Chaos Labs' own contract audited — the logic governing how discrepancies between two oracle sources are handled was itself independently reviewed
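A sketch of how two-source reconciliation can fail closed, as an added example that is not the Chaos Labs or BENQI contract logic. Every feed passes through the same validator, so no asset gets a weaker check than another (the class of inconsistency Cyfrin flagged in the Ignite price checks), and a disagreement between sources yields no price at all. The `Reading` type, the function names and both thresholds are hypothetical.

```python
from dataclasses import dataclass

MAX_AGE_S = 3600         # hypothetical staleness limit, in seconds
MAX_DEVIATION_BPS = 200  # hypothetical tolerated gap between sources (2%)

@dataclass(frozen=True)
class Reading:
    price: int       # fixed-point integer price as reported by the feed
    updated_at: int  # unix time of the feed's last update

def validate(reading, now):
    """Single validator shared by every feed; returns an error string or None."""
    if reading.price <= 0:
        return "non-positive price"
    if reading.updated_at > now:
        return "timestamp in the future"
    if now - reading.updated_at > MAX_AGE_S:
        return "stale"
    return None

def reconcile(primary, secondary, now):
    """Return (price, None) only if both sources are valid and agree."""
    for name, reading in (("primary", primary), ("secondary", secondary)):
        err = validate(reading, now)
        if err:
            return None, f"{name}: {err}"
    lo, hi = sorted((primary.price, secondary.price))
    # Integer-only comparison of (hi - lo) / lo against the bps limit.
    if (hi - lo) * 10_000 > lo * MAX_DEVIATION_BPS:
        return None, "sources disagree"
    return primary.price, None

if __name__ == "__main__":
    now = 1_700_000_000  # constructed sample data
    print(reconcile(Reading(2_500_000_000, now - 60),
                    Reading(2_600_000_000, now - 30), now))
```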
🏗️ The Operational Security Stack
Audits cover code. Operational security governs what happens after deployment.
Multisig Governance
All protocol parameter changes — interest rate models, collateral factors, asset listings, liquid staking functions — require multi-party approval through a multisig framework.
What it protects against: Single-actor compromise. No individual team member can unilaterally modify critical parameters.
What it doesn't protect against (documented honestly by BENQI):
⚠️ RESIDUAL MULTISIG RISK
If a coordinated attack compromises a threshold
of signers simultaneously — via phishing, key theft,
social engineering, or misconduct — an attacker could:
→ Modify collateral factors / liquidation thresholds
→ Approve harmful asset listings
→ Redirect staked AVAX
→ Disable protective measures
Security audits do NOT protect against signer compromise.
MPC Infrastructure for Cross-Chain Staking
Avalanche staking requires AVAX to move between the C-Chain (where BENQI's contracts live) and the P-Chain (where validator delegation happens). BENQI manages this with an off-chain Multi-Party Computation (MPC) protocol:
C-Chain AVAX
│
▼
MPC Node 1 ──┐
MPC Node 2 ──┼──► Threshold signature ──► P-Chain staking
MPC Node 3 ──┤
MPC Node N ──┘
Rule: signing requires ≥ threshold of independent nodes
Geographically distributed — nodes are independent and spread across locations.
Residual risks (from official docs):
| Risk | Description |
|---|---|
| Threshold compromise | Simultaneous breach of required node count → unauthorized signatures |
| Operational halt | Enough nodes go offline → staking/unstaking/transfers pause until recovery |
Upgradeable Contracts
Certain contracts — including lending markets and liquid staking — are upgradeable. BENQI documents this risk directly:
"Where an upgrade is implemented, the revised contract logic may alter how the protocol behaves, including how your positions, deposits, staking, or withdrawals are processed. Upgrades may introduce risks that did not exist in the prior version."
Developer implication: If you're building integrations on top of BENQI, contract upgradeability affects your integration design. Track governance proposals for upgrade signals and avoid hardcoding assumptions about specific contract behavior.
Continuous Risk Monitoring — Chaos Labs
BENQI works with Chaos Labs for ongoing parameter risk assessment. This isn't a one-time configuration — it's a live dashboard tracking:
- Collateral factor adequacy as market conditions change
- Utilization rate stress indicators
- Liquidation threshold safety margins
- Asset-specific risk signals
Static audit reports go stale. Real-time risk monitoring doesn't.
🗂️ Complete Risk Matrix
| Risk Category | Mitigation | Residual Exposure |
|---|---|---|
| Smart contract bugs | 9+ audits, formal verification, open-source | Novel attack vectors, upgrade-introduced bugs |
| Oracle manipulation | Dual oracle, Zellic + Chaos Labs audits | Sophisticated coordinated price manipulation |
| Admin key compromise | Multisig framework | Coordinated signer compromise |
| MPC infrastructure | Distributed nodes, threshold signing | Simultaneous node compromise or outage |
| Liquidation gaps | Deterministic Avalanche finality | Extreme volatility / cascading liquidations |
| sAVAX price deviation | Exchange rate model (not rebasing) | Secondary market discount during stress events |
| Upgrade risk | Governance process, audit before deployment | New code introduces new attack surfaces |
🧑‍💻 Developer Checklist
If you're integrating with BENQI, building on sAVAX, or deploying capital on the protocol:
- [ ] Use protocol exchange rate for sAVAX, not secondary market price — they can diverge during stress events
- [ ] Isolated market pools are independent — scoping your integration to one pool doesn't expose you to another pool's risk events
- [ ] Monitor BENQI governance for upgrade proposals — upgradeable contracts mean behavioral assumptions can change
- [ ] Read Cyfrin's public audit at github.com/Cyfrin/2025-01-benqi for the most recent deep technical review of Ignite contracts
- [ ] Check Chaos Labs dashboard for live collateral factor parameters before building integrations that depend on specific values
- [ ] Account for 15-day unstaking cooldown in any integration involving sAVAX redemption flows
🔍 Audit Coverage Summary
BENQI Security Coverage Map
════════════════════════════
Lending Markets ████████████ Halborn (2021) + ongoing retainer
Liquid Staking ████████████ Halborn (2021-22) + Certora FV (2022)
sAVAX integrations ████████████ Certora FV for Aave v3 (2022)
Ignite ████████████ Dedaub (2023) + Cyfrin (2024)
Isolated Markets ██████████░░ Moonwell heritage + dedicated 2024 audit
Oracles ████████████ Zellic + Chaos Labs (2025)
Web app / API ████████░░░░ Halborn pentest (2022)
Frequently Asked Questions
Has BENQI ever been exploited?
No major protocol exploit since launch in August 2021 — across a period when dozens of DeFi protocols were compromised.
What's the difference between a traditional audit and Certora formal verification?
A traditional audit is an expert review across a defined scope. Formal verification mathematically proves that specified invariants hold across all possible contract states — not just tested ones. Both are complementary: audits find broad vulnerabilities; formal verification provides mathematical certainty on critical properties.
Are audit reports publicly available?
Yes. docs.benqi.fi/resources/risks links every report. Cyfrin's BENQI engagement is also on GitHub at Cyfrin/2025-01-benqi.
Who is Chaos Labs and why do they matter for BENQI?
Chaos Labs is BENQI's risk management partner, providing continuous monitoring of lending market parameters. Their own dual oracle contract — which determines how two independent price sources are reconciled — was independently audited in May 2025.
What should I do if I find a vulnerability?
Check BENQI's current documentation for responsible disclosure procedures. The combination of open-source contracts and multiple audit firms creates meaningful incentives for the security research community to engage.