Resolved-without-proof findings

Across Protocol's assessment for RD-F-003 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

OZ audit series shows all high/critical findings across 18 engagements are marked resolved with documented PRs. Aug 2024 critical (decimal scaling in Arbitrum_CustomGasToken_Adapter): resolved in PR #589 before deployment. Oct 2024: 1 critical, 2 high — all resolved. Periphery May 2025: 1 high (nonce mismatch) resolved in PR #1013. SVM (Solana) Nov 2024: 2 high — one partially resolved (PR #847), one acknowledged/unresolved (cost asymmetry spam). ERC-3009 Feb 2026: critical resolved in PR #12...

Sources #

URL
https://www.openzeppelin.com/news/across-auditretrieved 2026-04-28
URL
https://www.openzeppelin.com/news/across-protocol-diff-auditretrieved 2026-04-28
URL
https://www.openzeppelin.com/news/deposit-flow-auditretrieved 2026-04-28
URL
https://www.openzeppelin.com/news/across-protocol-erc-3009-and-deterministic-depositids-auditretrieved 2026-04-28

Methodology #

Count the number of findings the audit report marks "Resolved" or "Fixed" where no matching on-chain bytecode change or verifiable commit can be found.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol across-protocol factor RD-F-003 score yellow collected_at 2026-04-30 21:19:18