★ Audit scope mismatch

Compound V3 (Comet)'s assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

OZ 2022 audit commit 0f1221967 no longer matches deployed impl (upgraded April 26, 2026 via tx 0x747628b8). OZ continuous partnership (12 audits in 2024, 40+ in July 2024-June 2025 term) covers V3 updates but per-deployment commit-level match is not publicly verifiable from individual audit PDFs.

Sources #

URL
https://www.openzeppelin.com/news/strengthening-defi-openzeppelin-and-compounds-security-partnership-in-2024retrieved 2026-04-28
Etherscan
https://etherscan.io/address/0xc3d688B66703497DAA19211EEdff47f25384cdc3retrieved 2026-04-28
Audit
https://www.openzeppelin.com/news/compound-iii-auditretrieved 2026-04-28

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol compound-v3 factor RD-F-001 score yellow collected_at 2026-04-28 00:20:50