Static-analyzer high-severity count
Cap (cUSD / stcUSD)'s assessment for RD-F-010 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
A slither.config.json exists in the repository (medium and high severity; excludes lib, test, and script), but no published Slither CI output is publicly accessible. BorrowLogic.sol shows a checks-effects-interactions (CEI) concern (external calls after some state updates) that Slither would flag. The audit PDFs are inaccessible, so static analysis results cannot be confirmed. Scored gray because no programmatic tool output is available for review.
Sources
- GitHub: Cap Contracts Slither Configuration (slither.config.json) — exists in repo, configured for medium/high severity (retrieved 2026-05-17)
- Cap BorrowLogic.sol (BorrowLogic.sol) — CEI concern: state update before external vault/delegation calls (retrieved 2026-05-17)
Methodology
Count the number of unique high-severity detector findings from Slither + Mythril + Semgrep run against the deployed verified source (after deduplication across tools).