Static-analyzer high-severity count

Centrifuge's assessment for RD-F-010 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Static analysis tools not run locally. Protocol uses Slither in CI. foundry.toml includes Echidna/Medusa profiles for active fuzzing. Multiple professional audits performed deep static analysis; Spearbit/Cantina July 2024 found 1 critical + 1 high — all resolved. No unfixed high/critical static findings post-V3.1. Marked yellow because local tool run not performed.

Sources #

Audit
https://cantina.xyz/portfolio/8c15e83a-08fc-48b9-8cc1-4f9ca76bb064retrieved 2026-04-27
GitHub
https://github.com/centrifuge/protocol/blob/main/foundry.tomlretrieved 2026-04-27

Methodology #

Count the number of unique high-severity detector findings from Slither + Mythril + Semgrep run against the deployed verified source (after deduplication across tools).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol centrifuge factor RD-F-010 score yellow collected_at 2026-04-30 21:19:10