★ Audit scope mismatch

dYdX v4 (dYdX Chain)'s assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Six Informal Systems engagements cover all original custom modules through Q2+ 2024; Q3 2025 Proposer Selection audit is a narrower-scope follow-on. MegaVault/x/vault covered by 2024 Vaults audit. Cantina bounty active since May 2026. Some 2025 module changes (v5-v9 protocol upgrades) lack a full-scope audit. Non-EVM chain means audit coverage is evaluated against governance-upgrade-activated release tags rather than Etherscan bytecode.

Sources #

GitHub
dYdX v4-chain /audits directory (6 Informal Systems PDFs)dydxprotocol/v4-chain audits directoryretrieved 2026-05-17
URL
dYdX Cantina Bug Bounty — launched 2026-05-08Cantina bug bounty programretrieved 2026-05-17
GitHub
Informal Systems Q3 2025 Proposer Selection Updates Auditinformalsystems/audits dYdX Q3 2025 reportretrieved 2026-05-17
URL
Dive Into The dYdX Chain Audit — dYdX BlogdYdX Chain Audit blog postretrieved 2026-05-17

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dydx-v4 factor RD-F-001 score yellow collected_at 2026-05-17 09:58:47