Formal verification coverage

Cap (cUSD / stcUSD)'s assessment for RD-F-009 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Certora engaged for 'EigenAVS' scope (EigenLayer SSN component) — dated 2025-09-15. Per U-rule U8 in invocation: this is component-scoped FV of the EigenLayer integration only, NOT full-protocol FV. Core protocol logic (Vault, Lender, cUSD/stcUSD tokens, AccessControl, Oracle) has no documented formal verification. At $342M TVL, component-only FV with no core protocol FV coverage is yellow (between 20-79% of declared critical invariants).

Sources #

Audit
Certora EigenAVS FV Report 2025-09-152025-09-15-Certora (EigenAVS).pdf — component-scoped FV for EigenLayer SSN onlyretrieved 2026-05-17
Internal
Cap Profile §8 + Invocation U8 Rule00-profile.md §8 and U-rule U8 — Certora is EigenAVS scope only, not full-protocol FVretrieved 2026-05-17

Methodology #

Determine the percentage of protocol-declared critical invariants covered by a formal verification proof (Certora Prover, Kani, Halmos, or equivalent).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol cap factor RD-F-009 score yellow collected_at 2026-05-17 10:56:24