defirisk.co
rubric v1.7.0

Audit scope mismatch

Falcon Finance's assessment for RD-F-001 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

No public GitHub; commit SHAs unverifiable. Three audits (Zellic Feb-Mar 2025, Pashov Feb 2025) predate post-TGE contracts (sFF Sep 2025, sFF-Prime Jan 2026, FF Staking Vault Nov 2025). Material audit-scope mismatch at $1.618B TVL.

Detail

No public smart-contract repository has been found for Falcon Finance. The profile confirms no official GitHub found as of 2026-05-12. Without a public repo, deployed bytecode cannot be independently compared to audited source. The Pashov audit PDF references commit 9c34a242ae6c39e2054d5e3bb62e44328339aaa1 for StakedUSDf.sol, but this cannot be matched to Etherscan-verified bytecode since the source repo is private. Zellic audited USDf/sUSDf Feb 11-17 2025 (published Mar 7 2025).

Post-TGE contracts: sFF deployed Sep 29 2025 (Solidity 0.8.30, Prague EVM), sFF-Prime deployed Jan 5 2026 (TransparentUpgradeableProxy v0.8.28), FF Staking Vault deployed approximately Nov 2025 (Solidity 0.8.30, 1M optimizer runs, Prague EVM). None of these post-TGE contracts appear in any known audit.

The Insurance Fund (0x432CDcc4...) resolves to a SafeProxy rather than a standalone contract. The TVL of $1.618B managed by these contracts includes post-TGE staking infrastructure with zero audit coverage.

Methodology

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.


rubric_version: v1.7.0
protocol: falcon-finance
factor: RD-F-001
score: red
collected_at: 2026-05-12 04:06:37