★ Post-audit code changes without re-audit

Lista DAO's assessment for RD-F-139 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Last publicly listed audit: November 27, 2024 (BlockSec + Bailsec for slisBNB Provider + VotingIncentive). GitHub lista-dao-contracts commits from August 7, 2025 include xSolvBTC PriceFeed/Oracle additions and CI evm_version fixes. Data cache last_commit_date: 2026-05-07 confirms ongoing post-audit development. No 2025 audit reports in /audits/ directory (listing confirmed: latest files dated 241127). Material post-audit code changes deployed without confirmed re-audit coverage.

Sources #

GitHub
Lista DAO audits directory — no 2025 audit reports/audits/ directory listing: latest files blocksec_lista_SlisbnbProvider...241127.pdf; Bailsec...241127.pdf — no 2025 filesretrieved 2026-05-12
GitHub
Lista DAO contracts post-audit commits — GitHublista-dao-contracts commits Aug 7 2025: xSolvBTC PriceFeed, Oracle deployment scripts, CI evm_version fixretrieved 2026-05-12

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lista-dao factor RD-F-139 score red collected_at 2026-05-12 17:54:05