Code complexity vs audit coverage

Lista DAO's assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

21 audits across 8 firms cover different modules (OFT, AMO, PSM, Emission Voting, slisBNB Provider, Oracle). CDP core (vat/jug/spot/dog/clip/Interaction) has NOT been re-audited since 2022. Lista Lending (~April 2025, ~$189.5M borrowed) has NO audit PDF in /audits/. The codebase has grown substantially (20+ collateral types, new modules) with fragmented rather than comprehensive audit coverage.

Sources #

GitHub
Lista DAO Audits Directory — no 2025 or Lista Lending auditAudits directory — 20 PDFs but none titled Lista Lending or dated 2025; CDP core last audited 2022retrieved 2026-05-12

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lista-dao factor RD-F-024 score yellow collected_at 2026-05-12 17:54:05