★ Audit scope mismatch

Synapse Protocol's assessment for RD-F-001 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Only known audit is CertiK Nerve Finance (Mar-Apr 2021), pre-rebrand and pre-proxy. Currently deployed impl 0x31fe...d0d is the 25th iteration — none of the 24 post-audit upgrades have been reviewed. Sanguine monorepo (FastBridge, SIN) also entirely unaudited.

Sources #

URL
https://skynet.certik.com/projects/synapseprotocolretrieved 2026-04-26
URL
https://medium.com/synapse-protocol/11-06-2021-post-mortem-of-synapse-metapool-exploit-3003b4df4ef4retrieved 2026-05-06
URL
https://halborn.com/explained-the-synapse-and-nerve-bridge-hacks-november-2021/retrieved 2026-05-06

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol synapse factor RD-F-001 score red collected_at 2026-04-26 21:35:35