defirisk.co
rubric v1.7.0

Auditor re-engaged after last exploit

Balancer (v2 + v3)'s assessment for RD-F-083 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Nov 2025 incident: Trail of Bits published an incident analysis and guidance on 2025-11-07 (a Tier-1 firm, but this is commentary, not a formal re-audit). Certora published a root-cause breakdown. No formal re-audit of the patched v2 contracts after Nov 2025 was found. The protocol's response was a factory disable and migration to v3 rather than a v2 patch and re-audit. v3 had ongoing Certora audits (2026-01 comprehensive), but v3 was not the affected system. Score: yellow (third-party review only, not a formal Tier-1 re-audit of the affected codebase).

Sources

  • URL
    https://www.certora.com/blog/breaking-down-the-balancer-hack (retrieved 2026-05-05)
  • GitHub
    https://github.com/balancer/balancer-v3-monorepo/tree/main/audits (retrieved 2026-05-05)
  • Audit
    https://blog.trailofbits.com/2025/11/07/balancer-hack-analysis-and-guidance-for-the-defi-ecosystem/ (retrieved 2026-05-05)

Methodology

Determine whether a reputable auditor performed a re-audit or incident review after the most recent exploit.


rubric_version: v1.7.0
protocol: balancer
factor: RD-F-083
score: yellow
collected_at: 2026-05-05 12:41:36