defirisk.co
rubric v1.7.0

Code complexity vs audit coverage

Beefy Finance's assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

BeefyVaultV7 core vault is ~200 LOC — simple. Strategy base contracts add ~300-500 LOC each. Hundreds of individual strategy implementations across 34 chains. Only CLM strategy suite has multi-firm 2024 audit coverage; core vault and strategy base have had no audit coverage since 2021. The LOC-per-audit-day ratio for the full protocol codebase is very high. Docs confirm no mandatory strategy audit requirement.

Sources #

  • GitHub
    beefy-contracts repositorybeefy-contracts repo — thousands of strategy contracts, active across 34 chainsretrieved 2026-05-16
  • Docs
    Beefy SAFU Practicesdocs.beefy.finance/safety/beefy-safu-practices — no mandatory third-party audit requirement for strategiesretrieved 2026-05-16

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol beefy factor RD-F-024 score yellow collected_at 2026-05-16 13:10:30