★ Audit scope mismatch

Ondo Finance's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Spearbit/Cantina March 2025 covers OUSG/USDY at commit 1b072be with bytecode match; Flux Finance last audited Code4rena Jan 2023 with no public commit SHA, making post-audit bytecode traceability infeasible for that component.

Sources #

Audit
https://cantina.xyz/portfolio/fb329103-8bd1-45ac-91d8-4f75e1abf812retrieved 2026-04-28
Audit
https://code4rena.com/reports/2023-01-ondo/retrieved 2026-04-28
Etherscan
https://etherscan.io/address/0x1CEB44b6E515ABF009e0CCb6DDAfd723886CF3Ffretrieved 2026-04-28

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ondo-finance factor RD-F-001 score yellow collected_at 2026-05-14 12:01:55