Deployed bytecode reproducibility

Frax Finance's assessment for RD-F-145 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Trail of Bits frxGov audit 2023-07 provided bytecode-level coverage for governance contracts. frxUSD: no public build artifact or reproducibility confirmation. FraxEtherRedemptionQueueV2: Dec 2025 allegation raises reproducibility concern — deployed behavior differs from verified source, suggesting some change is not reproducible from the published source code.

Sources #

Audit
frxGov Security Review — Trail of Bits 2023Trail of Bits frxGov audit 2023-07 — bytecode-level audit for governance contractsretrieved 2026-05-17
Governance
Attribution Dispute - RedemptionQueueV2 DoS Vulnerability | Frax GovernanceAttribution dispute post: researcher identifies behavioral divergence between deployed bytecode and Etherscan-verified sourceretrieved 2026-05-17

Methodology #

Determine whether anyone can independently reproduce the deployed bytecode from the repo and declared build toolchain.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol frax factor RD-F-145 score yellow collected_at 2026-05-16 20:44:31