★ Audit scope mismatch

Across Protocol's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The Ethereum SpokePool proxy (`0x5c7BCd6E7De5423a257D81B442095A1a6ced35C5`) was last upgraded 2026-02-02 per the profile. The most temporally proximate OZ audit (ERC-3009 and Deterministic DepositIds, 2026-02-02 to 2026-02-03) was narrowly scoped to PR #1275 at base commit 041fcbf, covering only SpokePoolPeriphery-class changes. The comprehensive coverage audit for core SpokePool variants was the Oct 2024 OZ audit (commits 5a0c67c through d4416cd). Whether the 2026-02-02 implementation upgrad...

Sources #

URL
https://www.openzeppelin.com/news/across-auditretrieved 2026-04-28
Etherscan
https://etherscan.io/address/0x5c7bcd6e7de5423a257d81b442095a1a6ced35c5retrieved 2026-04-28
URL
https://www.openzeppelin.com/news/across-protocol-erc-3009-and-deterministic-depositids-auditretrieved 2026-04-28

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol across-protocol factor RD-F-001 score yellow collected_at 2026-04-30 21:19:18