★ Audit scope mismatch

Aerodrome Finance's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Dual codebase. Aerodrome Pools inherits Spearbit audit of Velodrome v2 (Febâ€“Jun 2023) â€” no Aerodrome-specific commit SHA match confirmed. Slipstream: ABDK and ToB PDFs confirmed in repo but binary-only (commit SHAs inside unreadable). No signed release tags in either repo. All BaseScan-verified contracts show exact-match verification (solc 0.8.19+commit.7dd6d404), confirming source is live, but audit-to-bytecode SHA linkage unverifiable without local git log.

Sources #

GitHub
Velodrome V2 Spearbit Security ReviewSpearbit Velodrome v2 security review PDFretrieved 2026-05-04
GitHub
Slipstream audits directorySlipstream audits directory â€” abdk and tob folders confirmed, PDFs binaryretrieved 2026-05-04
Etherscan
AERO Token â€” BaseScan verified sourceAERO token BaseScan verified source â€” solc 0.8.19+commit.7dd6d404, exact matchretrieved 2026-05-04

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aerodrome factor RD-F-001 score yellow collected_at 2026-05-04 19:56:03