Resolved-without-proof findings

Liquity V1 + V2 (LUSD / BOLD)'s assessment for RD-F-003 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Dedaub Aug-2024 found 1 high (H1 CollateralRegistry setTroveManager access control) and 14 mediums, all marked resolved. Recon/Gallo found 2 highs (Batch Shares Math Rebase, Insufficient Flashloan Protection), both resolved in subsequent audit rounds. Cantina competition found 0 critical/high, 2 mediums acknowledged-but-not-fixed, 36 lows acknowledged. No high/critical finding marked resolved without verifiable on-chain proof; 2 Cantina mediums left unresolved places this at yellow.

Sources #

Audit
Bold Protocol Security Review (Recon/GalloDaSballo)Recon review commit a5049ab9, 2 highs documented and resolvedretrieved 2026-05-16
Audit
Liquity v2 Core Protocol Audit Report I (Dedaub, Aug 2024)Dedaub Aug-2024 H1 (setTroveManager access control) resolvedretrieved 2026-05-16
Audit
Cantina v2 Audit Competition resultsCantina competition 0 critical/high, 2 mediums acknowledged-unresolvedretrieved 2026-05-16

Methodology #

Count the number of findings the audit report marks "Resolved" or "Fixed" where no matching on-chain bytecode change or verifiable commit can be found.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquity factor RD-F-003 score yellow collected_at 2026-05-16 10:35:50