Fork retains upstream audit coverage

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-131 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v2: PeckShield Sep-2020 audited SushiSwap v2 specifically (upstream Uniswap v2 + Sushi additions). v2 retains upstream coverage + Sushi-specific delta audit — coverage = adequate. v3: ABDK + ToB audited Uniswap v3 upstream; these reports are in the sushiswap/v3-core/audits/ directory. No fresh Sushi-specific audit of v3-core commissioned by SushiSwap. The SushiSwap v3 fork introduces deployment-specific changes not covered by the upstream reports. Scoring yellow: v2 has upstream+delta coverage; v3 has upstream coverage only with a gap for Sushi-specific changes.

Sources #

GitHub
sushiswap/v3-core audits directorysushiswap/v3-core/audits/ — contains Uniswap v3 upstream ToB + ABDK reports; no Sushi-specific v3-core audit presentretrieved 2026-05-17
Audit
PeckShield-Audit-Report-SushiSwap-v1.0.pdfPeckShield SushiSwap v1 audit (covers v2-core Sushi-specific additions)retrieved 2026-05-17

Methodology #

Determine whether the fork's deployed code is covered by either: (a) the upstream audit plus a delta-audit for fork-specific changes, or (b) a fresh independent audit of the fork.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-131 score yellow collected_at 2026-05-16 19:50:37