★ Audit scope mismatch

ether.fi's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

27 audit engagements across 8 firms (2023-02 to 2026-03); Certora FV retainer with 15 reports, most recent reaudit of core contracts 2026-01-29 (88 days before assessment). No signed git release tags exist in the repo, making exact commit-to-bytecode matching imprecise. Deployed Etherscan bytecode for core contracts compiled with solc 0.8.13 while foundry.toml configures 0.8.27 — a version mismatch indicating legacy contracts have not been recompiled at the current toolchain version. Certora ongoing FV retainer provides rolling coverage compensating for the lack of formal release tagging.

Sources #

Etherscan
LiquidityPool proxy — solc v0.8.13 confirmed0x308861A430be4cce5502d0A12724771Fc6DaF216 #coderetrieved 2026-04-28
GitHub
Certora Reaudit Core Contracts (2026-01-29)etherfi-protocol/smart-contracts/blob/master/audits/2026.01.29 - Certora - Reaudit Core Contracts.pdfretrieved 2026-04-28
GitHub
No signed release tags — releases page emptyetherfi-protocol/smart-contracts releases pageretrieved 2026-04-28
GitHub
ether.fi audits directory (27 reports)etherfi-protocol/smart-contracts/tree/master/auditsretrieved 2026-04-28

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ether-fi factor RD-F-001 score yellow collected_at 2026-04-28 13:58:46