Resolved-without-proof findings

Superstate's assessment for RD-F-003 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Audit-4 H-1 (fee not charged) and H-2 (access controls circumvented via direct _mint bypassing _mintLogic) marked addressed in final commit. Audit-7 C-1 and C-2 (Solana missing ownership validation allowing frozen-account bypass) fixed in final commit 35496aa58f9d646046f9620bc72865d4a74978cb. All medium+ findings across 10 audits show addressed status with final commit SHAs. No finding marked resolved without a verifiable commit.

Sources #

Audit
0xMacro Superstate Audit 4 (H-1, H-2 addressed)0xMacro superstate-4: H-1 fee not charged + H-2 subscribe() bypassing _mintLogic, both addressed in final commitretrieved 2026-05-16
Audit
0xMacro Superstate Audit 7 (Solana, C-1 C-2 fixed)0xMacro superstate-7: C-1 + C-2 Solana missing ownership validation, fixed in commit 35496aa58f9d646046f9620bc72865d4a74978cbretrieved 2026-05-16

Methodology #

Count the number of findings the audit report marks "Resolved" or "Fixed" where no matching on-chain bytecode change or verifiable commit can be found.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol superstate factor RD-F-003 score green collected_at 2026-05-16 00:06:37