defirisk.co
rubric v1.7.0

Audit scope mismatch

Sky Lending (formerly MakerDAO)'s assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Extensive audit history covers all major modules (Trail of Bits + PeckShield 2019 for Vat; ChainSecurity + Cantina + Sherlock 2024 for Endgame/USDS). Exact commit SHA matching not independently verifiable without PDF parsing. No material scope mismatch identified.

Sources #

  • URL
    https://github.com/sherlock-protocol/sherlock-reports/blob/main/audits/2024.08.05%20-%20Final%20-%20MakerDAO%20Endgame%20Audit%20Report.pdfretrieved 2026-04-27
  • Etherscan
    https://etherscan.io/address/0x1923DfeE706A8E78157416C29cBCCFDe7cdF4102retrieved 2026-04-27
  • URL
    https://github.com/makerdao/mcd-security/blob/master/Audit%20Reports/TOB_MakerDAO_Final_Report.pdfretrieved 2026-04-27
  • URL
    https://github.com/sky-ecosystem/usds/tree/master/auditretrieved 2026-04-27
  • Etherscan
    https://etherscan.io/address/0x35D1b3F3D7966A1DFe207aa4514C12a259A0492Bretrieved 2026-04-27

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sky-lending factor RD-F-001 score yellow collected_at 2026-04-28 00:43:18