Auditor re-engaged after last exploit

Sanctum's assessment for RD-F-083 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No prior smart-contract exploits; no post-exploit re-audit obligation. Gray = N/A per methodology (no prior exploits). Sanctum proactively engaged OtterSec, Neodyme, and Sec3 for pre-launch Infinity audits (February 2024) but these are pre-deployment security reviews, not post-exploit remediation audits.

Sources #

Docs
Neodyme Infinity audit INV-24-01 (pre-launch, Feb 2024)Profile §8 audit table — three Infinity audits (OtterSec, Neodyme, Sec3, all Feb 2024) are pre-launch, not post-exploitretrieved 2026-05-04

Methodology #

Determine whether a reputable auditor performed a re-audit or incident review after the most recent exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sanctum factor RD-F-083 score gray collected_at 2026-05-04 18:49:23