★ Audit scope mismatch

Pendle Finance's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Ackee audited commit 9d93fc1 (Apr-May 2022). Spearbit July 2024 fixes verified in commit 14c9f26a (PR 526). ChainSecurity Aug 2024 covers V2 Core. Etherscan shows 'Exact Match' for inspected implementation contracts. No material mismatch found but SHA cross-checks not independently verifiable across all factory versions V3-V6 on 6 chains via WebFetch.

Sources #

Etherscan
ActionAddRemoveLiqV3 Etherscan verification (Exact Match)Router implementation 0x663c21... Exact Matchretrieved 2026-04-29
GitHub
Pendle Spearbit Security Review July 2024Spearbit portfolio Pendle July 2024retrieved 2026-04-29
Audit
Pendle Finance: Pendle V2 audit summary — Ackee BlockchainAckee Pendle V2 audit blog (commit 9d93fc1)retrieved 2026-04-29

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pendle factor RD-F-001 score yellow collected_at 2026-04-28 21:09:40