★ Post-audit code changes without re-audit
EigenLayer's assessment for RD-F-139 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
August 2025 EigenPods Pectra bug fix was a same-day emergency patch following Immunefi disclosure. Certora had audited Pectra-related changes in July 2025 (Multichain/Merkle audits) but these predate the specific vulnerability. The 'Pectra Compatibility Audit Handbook' (HackMD) is a planning doc, not a completed audit of the patch. Residual audit gap of ~4-6 weeks for this specific patch. Tempered by: proactive fix before exploitation, strong prior audit culture (22 audits since 2023), recent Certora Pectra engagement.
Sources #
- Audithttps://github.com/Layr-Labs/eigenlayer-contracts/tree/main/auditsretrieved 2026-04-28
- https://hackmd.io/rNpxJm2oTz6siWbUKYYhHAretrieved 2026-04-28
- https://forum.eigenlayer.xyz/t/eigenpods-bug-fix-completed-august-29-2025/14713retrieved 2026-04-28
Methodology #
Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.
See the full factor methodology and distribution across all protocols →