Audit-to-deploy gap

Meteora's assessment for RD-F-006 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Per-version incremental audit model suggests each program version is audited before deployment (README states 'at least 2 different auditors each time we update or release a new program'). Precise sign-off dates vs on-chain program deploy timestamps are not measurable from version-label filenames alone without a tool run.

Sources #

GitHub
Meteora Program Audit Reports RepositoryMeteoraAg/audits README - at least 2 auditors per version update policyretrieved 2026-05-16

Methodology #

Measure the number of days between the audit report sign-off date and the mainnet deploy of the audited bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol meteora factor RD-F-006 score gray collected_at 2026-05-16 10:03:05