★ Audit scope mismatch

Veda (BoringVault)'s assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

0xMacro A-4 (commit 939c77e) covers 45 core contracts. A-19 (commit b7ad406) covers LayerZeroTeller and FixedRateAccountant. Deployed liquidETH BoringVault (0xf0bb20865277abd641a307ece5ee04e79073416c) verified at v0.8.21+commit.d9974bed, consistent with repo. Peripheral stack (100+ DecoderAndSanitizer variants, 22+ chain deployments) not fully commit-matched across all incremental audits A-8 through A-45. Core-to-audit match is strong; peripheral coverage is partial.

Sources #

Audit
Seven Seas A-4 Security Audit — Core BoringVault Architecture0xMacro sevenSeas-4, commit 939c77e25473dff3ed18fa104f004f7afd13452e, April 1-5 2024retrieved 2026-05-17
Audit
Seven Seas A-19 Security Audit — LayerZero Teller + FixedRateAccountant0xMacro sevenSeas-19, commit b7ad4066a946a5e64285c88617a5de36e5eef436, Oct 28-Nov 5 2024retrieved 2026-05-17
Etherscan
BoringVault liquidETH — Etherscan source verification0xf0bb20865277abd641a307ece5ee04e79073416c — verified, v0.8.21+commit.d9974bed, optimizer 200 runsretrieved 2026-05-17

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-001 score yellow collected_at 2026-05-17 12:41:22