★ Post-audit code changes without re-audit

Liquid Collective (LsETH)'s assessment for RD-F-139 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Most recent mainnet deployment (Nov 20, 2024) is covered by Certora Nov 2024 formal verification audit. Since then, significant development in GitHub: BYOV feature scripts (Apr 2026), Solidity version bump 0.8.20->0.8.33 (Feb 2026), security fixes referencing Certora audit codes H-01/M-01/M-03/M-06/L-01/L-05 (Mar 2026). BYOV and post-Certora fixes have NOT been deployed to mainnet. March 2026 commits reference a Certora audit (internal ticket codes), suggesting a new engagement, but no public 2026 report is available at liquidcollective.io/security-audits/. Current deployed bytecode is audited; if BYOV deploys without public audit confirmation this becomes red.

Sources #

URL
Security audits page — no 2025 or 2026 audit listed publiclyliquidcollective.io/security-audits/ — Nov 2024 Certora is most recent listedretrieved 2026-05-17
GitHub
GitHub commits — post-audit BYOV development with Certora-tagged fixes, not yet deployedliquid-collective-protocol commits Mar 2026 — [L-01][Certora Audit] fix tags, BYOV Apr 2026retrieved 2026-05-17
Audit
Certora formal verification — Nov 2024, covers current deployed bytecodeCertora Nov 26, 2024 — covers v1.2.1 deployed Nov 20, 2024retrieved 2026-05-17

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquid-collective factor RD-F-139 score yellow collected_at 2026-05-16 19:46:23