Code complexity vs audit coverage

Babylon Protocol's assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Babylon's codebase is substantially complex: 5+ custom Cosmos SDK modules, EOTS cryptographic primitives, CosmWasm BSN contracts, and off-chain components (vigilante, covenant-emulator, finality-provider). Zellic 2025 audit required 23.5 person-weeks (5 consultants, 10 calendar weeks) and found 7 critical findings — direct evidence that complexity has exceeded single-round audit coverage. CosmWasm BSN contracts appear to have no public audit despite being a live production deployment since September 2025.

Sources #

URL
Babylon Genesis Chain: Zellic Security Assessment ReportZellic 2025 Genesis Chain audit (23.5 person-weeks, 7 critical findings)retrieved 2026-05-04
GitHub
cosmos-bsn-contracts repositorycosmos-bsn-contracts repo (v1.0.0-rc.3, Sep 2025, no audit in README)retrieved 2026-05-04

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol babylon-protocol factor RD-F-024 score yellow collected_at 2026-05-04 19:43:27