Code complexity vs audit coverage

Marinade Finance's assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Marinade liquid staking program has approximately 23 instruction handlers in a modular Rust/Anchor codebase. Two independent firms (Neodyme and Sec3) audited in parallel for the v2.0 upgrade, providing redundancy. Without running cyclomatic complexity metrics (not applicable for Solana BPF via EVM tools), qualitative assessment yields yellow: audit appears adequate for code scope but complexity metrics are not programmably verifiable from available public data.

Sources #

GitHub
Marinade Finance lib.rslib.rs listing 23 instruction handlers in modular structureretrieved 2026-05-16
Docs
Marinade Finance Security AuditsMarinade audits page — dual-firm 2023 parallel auditretrieved 2026-05-16

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol marinade factor RD-F-024 score yellow collected_at 2026-05-16 08:48:35