Static-analyzer high-severity count

deBridge's assessment for RD-F-010 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No published Slither/Mythril output found in the debridge-security repo or any public analysis post. Static analysis was not run programmatically for this assessment. The DLN EVM audit (Halborn 2024-12-30) and prior audits would capture some of these findings; audit PDFs not machine-parseable here. Notable structural patterns reviewed manually: CallProxy uses `.call()` with user-controlled receiver and data (no allowlist); SignatureVerifier uses `ecrecover` without explicit address(0) guard; ...

Sources #

GitHub
https://github.com/debridge-finance/debridge-contracts-v1retrieved 2026-04-28
GitHub
https://github.com/debridge-finance/dln-contractsretrieved 2026-04-28

Methodology #

Count the number of unique high-severity detector findings from Slither + Mythril + Semgrep run against the deployed verified source (after deduplication across tools).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol debridge factor RD-F-010 score gray collected_at 2026-04-28 01:27:58