★ Audit scope mismatch

Concrete's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cantina Feb 20, 2026 audit covers V2 Core at an unstated commit (PDF is binary-only). Factory upgraded March 19, 2026 (tx 0xb0fcfafe, block 24,692,293) to impl 0x224f3450, 27 days after Cantina audit. No audit explicitly covers the upgraded factory impl post-March 19. Halborn Apr 2026 component audits (Position Helper, Hurdle Rate) do not cover the factory upgrade. Yellow: not confirmed bytecode match between audit commit and deployed impl; material gap limited to factory only; CONTRIBUTING.md requires audited code on main branch; upgrade executed via 3-of-5 Safe multisig suggesting controlled process.

Sources #

Etherscan
ConcreteFactory implementation verified sourceConcreteFactory impl 0x224f3450 — solc 0.8.27 190 runsretrieved 2026-05-17
Audit
Blueprint Finance Earn V2 Core — Standard ImplementationHalborn Earn V2 Core Standard Implementation audit — commit b1b7cec, report Oct 10 2025retrieved 2026-05-17
Tx
ConcreteFactory implementation upgrade March 2026ConcreteFactory upgrade tx block 24692293 Mar 19 2026retrieved 2026-05-17
Audit
Cantina Concrete Finance Earn V2 Core AuditCantina Earn V2 Core audit — Feb 20 2026retrieved 2026-05-17

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol concrete factor RD-F-001 score yellow collected_at 2026-05-17 14:36:59