defirisk.co
rubric v1.7.0

Post-audit code changes without re-audit

Axelar Network's assessment for RD-F-139 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

The ITS proxy underwent 6 upgrades (Mar 2024 – Jul 2025). Axelar's audits repo shows ITS coverage: Ackee in Jan 2025, NCC at multiple dates (Mar/Jun/Nov 2024, Jan/Apr 2025), and Arda in Apr 2025. The Jul 2025 upgrade falls within ~3 months of the most recent confirmed audits (Apr 2025). However, no explicit mapping from audit commit SHA to upgrade is published. Some delta changes between audits and upgrade deployments may be unaudited. 70+ total audits suggest strong overall coverage discipline. All upgrades were executed directly by an EOA with no timelock, which increases the urgency of audit coverage.

Sources

Methodology

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.


rubric_version: v1.7.0
protocol: axelar
factor: RD-F-139
score: yellow
collected_at: 2026-05-16 21:57:49