defirisk.co
rubric v1.7.0

Post-audit code changes without re-audit

BlackRock USD Institutional Digital Liquidity Fund (BUIDL)'s assessment for RD-F-139 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cyfrin audited 10 Securitize platform components (Jul 2024–Aug 2025); Halborn audited DSToken framework (Sept 2025). None specifically scope the BUIDL Ethereum implementation (0x603Bb690) at its deployed commit SHA. No post-deploy upgrade events detected. Framework audits partially cover codebase but no BUIDL-specific audit with bytecode match confirmed.

Sources #

  • GitHub
    https://github.com/Cyfrin/cyfrin-audit-reportsretrieved 2026-04-26
  • Audit
    https://www.halborn.com/audits/securitize/dstoken-e07b34retrieved 2026-04-26

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol blackrock-buidl factor RD-F-139 score yellow collected_at 2026-05-12 09:40:42