★ Audit scope mismatch

QuickSwap's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Code4rena Sep 2022 contest covered Algebra V1 core (13 contracts, 1833 LoC) but EXPLICITLY excluded periphery (SwapRouter, NonfungiblePositionManager). Both periphery contracts are deployed as PROXY contracts on Polygon (SwapRouter: 0xf5b509bB0909a69B1c207E495f687a596C168E12; NonfungiblePositionManager: 0x8eF88E4c7CfbbaC1C163f7eddd4B578792201de6, both solc 0.7.6, verified). No publicly accessible audit PDF covers the QuickSwap V3 periphery proxy implementations. V2 core (0x5757371414417b8C6CAad45bAeF941aBc7d3Ab32, solc 0.5.16) retains full ABDK Uniswap V2 formal-verification coverage (Jan-Apr 2020, commit 8160750) since it is line-for-line identical to upstream. Overall: V2 core audit scope matched; V3 core audit scope matched for core only; V3 periphery proxies have no accessible audit = partial scope mismatch.

Sources #

Audit
Code4rena 2022-09 QuickSwap Audit ReportCode4rena QuickSwap+StellaSwap V3 Sep 2022 — scope excludes peripheryretrieved 2026-05-16
Etherscan
QuickSwap V3 Swap Router (Proxy) — PolygonscanV3 SwapRouter proxy — not in C4 scoperetrieved 2026-05-16
Audit
ABDK Uniswap V2 Formal Verification ReportABDK Consulting Uniswap V2 formal verification Jan-Apr 2020 (inherited by zero-divergence V2 fork)retrieved 2026-05-16

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol quickswap factor RD-F-001 score yellow collected_at 2026-05-16 08:48:31