defirisk.co
rubric v1.7.0

Code complexity vs audit coverage

Balancer (v2 + v3)'s assessment for RD-F-024 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No LOC/audit-day metric available for this assessment without tool run. Balancer has 24 audit engagements across 4 firms — the coverage breadth is exceptional. However, the confirmed exploits of code areas excluded from audit scope (Stable Math library, Boosted Pools/LinearPools never audited) suggest complexity exceeded coverage in specific sub-modules. Exact cyclomatic complexity or LOC per audit-day ratio requires tool inspection not available in this static assessment.

Sources #

  • Curator note
    Curator note: complexity exceeds coverage in specific sub-modulesAssessment note: 24 engagements noted but scope gaps confirmed for Stable Math library (ToB 2022-09 audit) and Boosted Pools (never audited per profile §11)retrieved 2026-05-05

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol balancer factor RD-F-024 score gray collected_at 2026-05-05 12:41:36