★ Post-audit code changes without re-audit

GMX v2 (GMX Synthetics)'s assessment for RD-F-139 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Last individually linkable audit: ABDK (November 2023, commit 298c6d7f). Significant post-ABDK deployments without individually-linked audit PDFs: GLV vault suite, ConfigTimelockController, ConfigSyncer+RiskOracle, LayerZeroProvider and full Multichain suite, V2.1 features, V2.2 features. Guardian case study references 10 post-launch engagements covering GLV/multichain/gasless — ongoing coverage substantially mitigates risk but individual audit PDFs for specific features are not publicly individually linked with commit-hash coverage documentation. Not red due to documented ongoing Guardian coverage.

Sources #

GitHub
ABDK GMX Synthetics Audit (last confirmed audit commit)ABDK audit — commit 298c6d7f1ef089a1437dc7099db1e4c647ed1b7e, added to repo 2023-11-06retrieved 2026-05-05
URL
Guardian Audits GMX case study — ongoing post-launch coverageGuardian case study — '10 post-launch engagements' covering GLV, buybacks, gasless, cross-chain V2.2retrieved 2026-05-05
GitHub
V2.1/V2.2 releases without individually linked auditsGitHub releases: V2.2 (commit ee721b7) and V2.1 (commit ca7d92b) — no corresponding audit PDFs linked to these commits in the audits/ directoryretrieved 2026-05-05

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol gmx-v2 factor RD-F-139 score yellow collected_at 2026-05-05 11:15:06