Resolved-without-proof findings
Lombard Finance's assessment for RD-F-003 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
OpenZeppelin (OZ) V2 audit (Nov-Dec 2024): 39 total findings, 32 resolved, 3 partially resolved. Two high-severity findings remain partially resolved: (1) Sanctioned Address Checks: the bridge and unstake strategies lacked sanction checks, and the team deferred full implementation pending future economic incentive mechanisms; (2) Unstake Payment Reuse: a single BTC transaction could satisfy multiple unstake payloads, and the team deferred the fix. Both partially resolved highs relate to the Golang Lombard Ledger layer, not directly to the EVM smart contracts. All OZ V2 EVM-layer findings appear resolved. Veridise V1 and V2 reported 0 findings each, so there are no unverifiable resolutions there. The Halborn V1/V1.5/V2 reports were not individually reviewed for resolution status, but no post-audit finding regression was reported in subsequent audits.
Sources
- Audit: Veridise Security Consortium Smart Contracts Audit. Veridise V2: 0 findings at commits 109a3f2 / ebfda9f. Retrieved 2026-05-05.
- OpenZeppelin Lombard V2 Audit News Page. OZ V2 audit: 39 findings, 32 resolved, 3 partially resolved; commits 282b484 / 5622904. Retrieved 2026-05-05.
Methodology
Count the number of findings the audit report marks "Resolved" or "Fixed" where no matching on-chain bytecode change or verifiable commit can be found.