defirisk.co
rubric v1.7.0

Fork retains upstream audit coverage

Lista DAO's assessment for RD-F-131 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

The 2022 audits (SlowMist, PeckShield, Certik, Veridise) covered the initial fork but predate the oracle vulnerability that enabled the Dec 2022 incident. The 2024 module-specific audits cover AMO, PSM, OFT, slisBNB Provider, and Oracle. The CDP core (vat/jug/Interaction) has no post-2022 audit. Lista Lending (April 2025) has NO audit. Classification: upstream-only for CDP core (gap risk) plus partial delta audits for newer modules. There is no single comprehensive fresh audit of the current codebase.

Sources

  • Audit
    Lista DAO 2024 Module Audits
    2024 module audits (BlockSec, Salus, Bailsec, PeckShield) cover AMO, PSM, OFT, oracle — not CDP core or Lista Lending
    retrieved 2026-05-12
  • Audit
    Lista DAO 2022 Launch Audits
    2022 audit PDFs (SlowMist, PeckShield, Certik, Veridise) — cover initial launch, predate Dec 2022 incident
    retrieved 2026-05-12

Methodology

Determine whether the fork's deployed code is covered by either: (a) the upstream audit plus a delta-audit for fork-specific changes, or (b) a fresh independent audit of the fork.


rubric_version: v1.7.0
protocol: lista-dao
factor: RD-F-131
score: yellow
collected_at: 2026-05-12 17:54:05