★ Audit scope mismatch

StakeWise v3's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Statemind audit signed off 2026-04-20. Post-audit 'Audit fixes' commit v5.0.0c (SHA 49fa993) was merged April 21, 2026, and v5.0.0 final (SHA 31b2da5) was released April 29, 2026 — both after audit sign-off. The currently deployed v5.0.0 therefore includes code not covered by the most recent audit. However, the PR is labeled 'Audit fixes' (addressing findings rather than introducing new scope) and 8 overlapping prior engagements provide background coverage. Bytecode-to-commit-SHA diff not programmatically verified.

Sources #

GitHub
StakeWise v3-core release v5.0.0cv5.0.0c release notes: 'Audit fixes by tsudmi in PR #134'; commit SHA 49fa993 dated April 21 2026retrieved 2026-05-16
GitHub
StakeWise v3-core release v5.0.0v5.0.0 final release commit SHA 31b2da5 dated April 29 2026retrieved 2026-05-16
Audit
Statemind StakeWise Core V3 Audit 2026-04-20Statemind StakeWise Core V3 audit PDF dated 2026-04-20 — sign-off date confirmed from filenameretrieved 2026-05-16

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stakewise factor RD-F-001 score yellow collected_at 2026-05-16 01:03:28