Code complexity vs audit coverage

Convex Finance's assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Convex platform repo has 100+ Solidity files. The 7 audits cover different scope slices: MixBytes (original core), PeckShield (Frax, OhmSync, sidechain), Nomoi (cvxCRV wrapper, sidechain), ChainSecurity (Silo wrapper). The 2024 treasury lending module commits (treasury lend test and fixes, June 2024) appear unaudited. No audit-day count accessible from binary PDFs. Fragmented audit coverage across 7 narrow scopes rather than comprehensive reviews suggests code complexity may exceed effective audit coverage for newer additions.

Sources #

GitHub
Convex platform commit history (treasury lending additions June 2024 without audit)treasury lending commits June 2024 - appears unauditedretrieved 2026-05-16
GitHub
Convex platform contracts directory (100+ Solidity files)platform repo - 100+ contractsretrieved 2026-05-16

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol convex-finance factor RD-F-024 score yellow collected_at 2026-05-16 02:41:28