★ Audit scope mismatch

Beefy Finance's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No audit report covers BeefyVaultV7 or BeefyVaultV7Factory at their current deployed bytecode. The 2021 CertiK/DefiYield audits predate BeefyVaultV7 architecture entirely. The 2023-2025 audits (Zellic x3, OZ, Cyfrin, Certora, Sherlock, Electisec) cover only specific non-core modules: ERC-4626 wrapper, BIFI xERC-20 token, Zap, CLM strategy suite, beS. Scope gap (no audit of core vault) rather than confirmed bytecode mismatch; scored yellow not red because no audit falsely purports to cover BeefyVaultV7.

Sources #

GitHub
Beefy Finance Audit Repositorybeefyfinance/beefy-audits — full listing of 12 PDFs confirming no BeefyVaultV7 coverageretrieved 2026-05-16
Audit
Zellic CLM Audit 2024-02-28Zellic CLM audit 2024-02-28 — scope: CLM module, not BeefyVaultV7retrieved 2026-05-16
GitHub
BeefyVaultV7.sol sourceBeefyVaultV7.sol — contract architecture post-dating all pre-2023 auditsretrieved 2026-05-16

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol beefy factor RD-F-001 score yellow collected_at 2026-05-16 13:10:30