★ Post-audit code changes without re-audit

Circle USYC's assessment for RD-F-139 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[CRITICAL] No public audit report with firm name, date, or URL found. Docs claim externally audited but name no firm. 9 Ethereum upgrades (most recent Dec 2025), plus BSC deployment (Nov 2025) and Teller (Nov 2025), all lack verifiable corresponding audit artifacts. Etherscan shows No Contract Security Audit Submitted on implementation. DefiLlama audits: [].

Sources #

Docs
Circle developer docs - audit claim without detailsCircle developer docs: mentions audited smart contract without naming firm or linking reportretrieved 2026-05-16
Etherscan
YieldCoin implementation - no audit submittedYieldCoin implementation 0xBF0f2F3a - No Contract Security Audit Submittedretrieved 2026-05-16
Internal
00-data-cache.json and profile section 8Data cache defillama.audits: []; profile section 8 - no public audit report locatedretrieved 2026-05-16

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol circle-usyc factor RD-F-139 score red collected_at 2026-05-15 21:56:43