Audit firm tier

Chainlink CCIP's assessment for RD-F-005 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Code4rena and Cyfrin are Tier-2 platforms (established, public track record, named judges, significant prize pools). No Tier-1 engagement (Trail of Bits, OpenZeppelin, ConsenSys Diligence, Certora, Sigma Prime, Spearbit, Zellic) found for CCIP. ISO 27001 and SOC 2 Type 2 are compliance certifications, not code-security audits.

Sources #

URL
Chainlink Security Certification PageChainlink security certifications (ISO/SOC — compliance, not code audit)retrieved 2026-05-16
URL
Chainlink Audit | Code4rena (Nov 2024)Code4rena platform — Tier-2 crowdsourced audit firmretrieved 2026-05-16

Methodology #

Classify each auditing firm into: Tier-1 (Trail of Bits / OpenZeppelin / ConsenSys Diligence / Certora / Sigma Prime / Spearbit / Zellic) / Tier-2 (established, named firm with public track record) / boutique / unknown.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol chainlink-ccip factor RD-F-005 score yellow collected_at 2026-05-16 01:55:09