Code complexity vs audit coverage

Save (formerly Solend)'s assessment for RD-F-024 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Substantial unaudited code complexity. The Kudelski audit covered ~22 audit-days on v1.0. Post-audit additions include 13+ isolated pools, Pyth/Switchboard integration extensions, and custom interest-rate models. The repo shows 1,787 commits total per DeFiSafety data, with significant development post-2021-audit. No post-audit audit covers the expanded code surface. The LOC-per-audit-day ratio for the current codebase relative to the Kudelski scope exceeds any credible threshold.

Sources #

GitHub
solendprotocol/solana-program-librarySolend repo with extensive post-audit commit historyretrieved 2026-05-17
Docs
Isolated Pools | Save (formerly Solend)Save isolated pools — 13+ pools added post-auditretrieved 2026-05-17

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-024 score red collected_at 2026-05-17 15:20:15