★ Audit scope mismatch

Hyperliquid's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Bridge2 surface: 3 audits (Cyfrin Mar 2023, Zellic Aug 2023, Zellic Nov 2023); last commit d7e66aa7 2023-11-28 'address audit comments'; no on-chain upgrades detected post-Nov 2023, so Bridge2 bytecode plausibly matches audited code. L1 surface: HyperCore binary has zero audits and is closed-source. At the protocol level the dominant TVL-bearing operational surface is categorically unaudited, constituting a material scope mismatch.

Sources #

GitHub
Hyperliquid contracts commit historyhyperliquid-dex/contracts commit log — last commit d7e66aa7 2023-11-28retrieved 2026-04-28
Docs
Hyperliquid audits pageHyperliquid audits page listing Zellic + Cyfrin reportsretrieved 2026-04-28
Audit
Zellic Hyperliquid November 2023 Audit ReportZellic November 2023 — patch review of Bridge2retrieved 2026-04-28

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperliquid factor RD-F-001 score yellow collected_at 2026-04-28 13:58:49