Code complexity vs audit coverage
Falcon Finance's assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Zellic: 7-day audit window for USDf/sUSDf (2 standard ERC-20 contracts) — adequate for scope. Post-TGE contracts (sFF, sFF-Prime, Staking Vault) have 0 audit coverage. Complexity-to-coverage ratio poor for full deployed surface.
Detail
For the audited surface (USDf + sUSDf), the Zellic 7-day audit (Feb 11-17) appears adequate given these are standard ERC-20 + ERC4626 staking contracts. Pashov focused on StakedUSDf.sol specifically. The concern is the full deployed system: FF Staking Vault (StakingRewards contract with 1M optimizer runs), sFF-Prime (TransparentUpgradeableProxy), sFF (deployed Sep 2025), and Insurance Fund have zero audit coverage. The complexity-to-coverage ratio for the complete protocol is poor.
Sources
- [Audit] Zellic Falcon Finance Audit. Zellic: 7-day audit window Feb 11-17 2025 for USDf/sUSDf. Retrieved 2026-05-12.
- FF Staking Vault — Etherscan. FF Staking Vault: StakingRewards (1M optimizer runs, 0.8.30) — no audit found. Retrieved 2026-05-12.
Methodology
Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.