Auditor re-engaged after last exploit

Usual (USD0 / bUSD0 / USUAL)'s assessment for RD-F-083 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The Sky Vault Arbitrage Recap blog commits to 'final patch review and redeployment of the router (ETA before June 3)' and publication of 'a full technical audit diff and exploit breakdown.' Pre-exploit auditors were Spearbit (Jan + Apr 2025), Halborn (Jan 2025), Cantina (Mar 2025) — none caught the behavioral edge case. Whether a specifically named reputable re-audit engagement was commissioned post-exploit for the patched router is not confirmed in sources available as of 2026-05-17. Scored yellow: remediation committed and router patch planned (consistent with implicit auditor review), but named post-exploit auditor re-engagement not confirmed from primary sources. Previously not_applicable (zero SC exploits); rescored yellow on May 2025 exploit.

Sources #

URL
Usual Blog — Sky Vault Arbitrage Recap (action plan section)Usual blog action plan: 'final patch review and redeployment of the router (ETA: before June 3)' and 'publication of a full technical audit diff and exploit breakdown' — implies review process but does not name auditorretrieved 2026-05-17

Methodology #

Determine whether a reputable auditor performed a re-audit or incident review after the most recent exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol usual factor RD-F-083 score yellow collected_at 2026-05-16 20:39:44