Auditor re-engaged after last exploit

Dolomite's assessment for RD-F-083 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Post-mortem contains no mention of post-incident auditor re-engagement. Guardian Audits 2024-01-11 pre-dates the exploit. Cyfrin POLVaults 2025-04-24 post-dates the incident but covers Berachain PoL vaults specifically, not an incident-triggered general re-audit of v2. No confirmed Tier-1 or Tier-2 re-audit specifically triggered by the March 2024 incident found. Scoring yellow: no confirmed external incident-review audit; however, the exploited contract was already deprecated and the v2 system continued without compromise. Cyfrin performed subsequent audit (scope-limited).

Sources #

URL
Cyfrin Dolomite POLVaults v2.0 Audit 2025-04-24Cyfrin POLVaults v2.0 audit 2025-04-24 — post-dates incident but not an incident-triggered re-auditretrieved 2026-05-16
URL
Legacy Smart Contract Vulnerability: Post Mortem AnalysisDolomite post-mortem — no auditor re-engagement mentionedretrieved 2026-05-16
URL
Audits and Security — Dolomite DocumentationDolomite audits and security page — full audit listretrieved 2026-05-16

Methodology #

Determine whether a reputable auditor performed a re-audit or incident review after the most recent exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dolomite factor RD-F-083 score yellow collected_at 2026-05-16 11:12:56