Code complexity vs audit coverage

Cap (cUSD / stcUSD)'s assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cap has ~200+ Solidity files across 15+ directories (token, lendingPool, vault, oracle, delegation/eigenlayer, delegation/symbiotic, access, gelato, feeAuction, feeReceiver, fractionalReserve, etc.; 749 commits). The Sherlock competitive audit covered 47 files. The codebase is substantial for a 9-month-old protocol; 9 engagements provide reasonable coverage cadence but exact LOC/audit-day ratio is not available without PDF access. The ratio of ~200 contract files to 9 audits suggests yellow complexity coverage (adequate but not fully verifiable).

Sources #

GitHub
Sherlock Audit — 47 Files in Scopesherlock-audit/2025-07-cap — 47 files in competitive audit scoperetrieved 2026-05-17
GitHub
Cap Contracts Repository — File Countapi.github.com/repos/cap-labs-dev/cap-contracts/git/trees/main — ~200+ Solidity files in contract treeretrieved 2026-05-17

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol cap factor RD-F-024 score yellow collected_at 2026-05-17 10:56:24