Static-analyzer high-severity count

Lombard Finance's assessment for RD-F-010 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No published Slither/Mythril/Semgrep run output exists for Lombard EVM contracts. Using published audit findings as proxy. Veridise V1 (0 findings), Veridise V2 (0 findings), OZ V2 (8 high across both Golang and EVM layers, 6 fully resolved, 2 partially resolved — but partially-resolved items are Golang/Ledger layer, not EVM). The Ackee Solana audit found 1 high ('Possible unauthorized LBTC minting') — acknowledged/fixed per audit summary. No active unresolved high-severity EVM finding identified from published audits. Cannot definitively count Slither findings without a tool run — scored yellow because audit evidence is secondary proxy.

Sources #

Audit
Veridise V2 Audit SummaryVeridise V2: 0 findings totalretrieved 2026-05-05
Audit
OpenZeppelin V2 AuditOZ V2: 8H, 5M, 13L, 13N; 32 resolved, 3 partially resolvedretrieved 2026-05-05
Audit
Ackee Blockchain Lombard Audit SummaryAckee Solana: 1H (unauthorized LBTC minting) — acknowledged/fixedretrieved 2026-05-05

Methodology #

Count the number of unique high-severity detector findings from Slither + Mythril + Semgrep run against the deployed verified source (after deduplication across tools).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lombard factor RD-F-010 score yellow collected_at 2026-05-05 12:03:08