★ Post-audit code changes without re-audit

Stake DAO's assessment for RD-F-139 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

vlSDT: Trust Security audit 2026-03-26; code freeze February 2026; deployment ~April 2026 (~3 weeks after audit). Staking v2 had 4 sequential audits in 2025 (Trust Apr, Omniscia May, Pashov Aug, Omniscia Sep) reflecting iterative code changes with re-audit. No confirmed post-final-audit unreviewed change deployed. Yellow because multi-iteration audit pattern implies code changed between audit rounds (expected) and the vlSDT window between freeze and audit completion is narrow.

Sources #

Audit
https://raw.githubusercontent.com/stake-dao/audits/main/vlsdt/2026_03_26_trust_security_vlsdt.pdfretrieved 2026-05-16
Governance
Stake DAO February 2026 ReportFebruary 2026 report: vlSDT code freeze in February 2026retrieved 2026-05-16

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stake-dao factor RD-F-139 score yellow collected_at 2026-05-16 12:29:20