defirisk.co
rubric v1.7.0

Code complexity vs audit coverage

Dolomite's assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

DolomiteMargin core codebase: TypeScript 59.2%, Solidity 36.9%. Modules repo: 18 packages (GMX, GLP, Pendle, Berachain PoL, oracles, interest setters, tokenomics, admin, etc.) under active development with different scope per audit. Cyfrin Aug 2023 covered core; Guardian Jan 2024 covered modules at a point in time. Module count has expanded significantly since the Jan 2024 audit. Ethereum mainnet (July 2025) adds new integration contracts not in prior audits. Audit appears adequate for Arbitrum core but borderline for the expanding module surface.

Sources #

  • Docs
    Dolomite Audits & Securitydocs.dolomite.io/audits-and-security: scope note: 'this repository undergoes active development and the scope covered by each audit is different'retrieved 2026-05-16
  • GitHub
    Dolomite Margin Modulesdolomite-margin-modules: 18 packages (abracadabra, admin, arb, base, berachain, deployment, glp, glv, gmx-v2, interest-setters, jones, liquidity-mining, mantle, mountain, oracles, pendle, plutus, umami)retrieved 2026-05-16

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dolomite factor RD-F-024 score yellow collected_at 2026-05-16 11:12:56