Auditor re-engaged after last exploit

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-083 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

RouteProcessor2 post-mortem explicitly states: 'The at risk contract has been fixed and sent off for a second audit before rollout.' Re-audit was committed to and likely executed given subsequent RP series deployments. However, the specific audit firm conducting the post-exploit re-audit and the published report URL are not confirmed in available public sources. Green requires a confirmed published re-audit report.

Sources #

URL
RouteProcessor2 Post Mortem — re-audit commitment (sushi.com)SushiSwap post-mortem — re-audit commitmentretrieved 2026-05-17

Methodology #

Determine whether a reputable auditor performed a re-audit or incident review after the most recent exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-083 score yellow collected_at 2026-05-16 19:50:37