defirisk.co
rubric v1.7.0

Resolved-without-proof findings

Wormhole's assessment for RD-F-003 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

CertiK 2023-03-08 audit: 11 total findings, 7 acknowledged, 4 resolved. 2 major findings (Centralization/Privilege category) are acknowledged-only, not resolved — these relate to admin-key centralization rather than exploitable code bugs in the classic sense, but remain open. No evidence these 2 major-acknowledged items were later patched with an on-chain change. Trail of Bits 2022-09 findings resolution status not directly accessible (PDF required), but no public post-mortem documents unreso...

Sources #

  • Curator note
    Extracted from 01-code-security.md — RD-F-003 finding; no URL cited in originalretrieved 2026-04-28

Methodology #

Count the number of findings the audit report marks "Resolved" or "Fixed" where no matching on-chain bytecode change or verifiable commit can be found.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol wormhole factor RD-F-003 score yellow collected_at 2026-04-28 01:38:43