Code complexity vs audit coverage

Hyperlane's assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Trail of Bits core audit: 5-day engagement (Sep 25–29 2023) + fix review Oct 26 for a protocol with Mailbox, multiple ISM types, gas paymaster, and Warp Routes. Post-2023, ERC4626 vault routes and additional ISM variants were added without audit coverage (per commit history). ChainLight Q2 2025 adds coverage but scope not fully confirmed. Score: yellow (audit depth adequate for v3 core; borderline relative to current codebase surface).

Sources #

GitHub
HypERC4626Collateral.sol commit history — latest Feb 2026HypERC4626Collateral.sol latest commit: Feb 2 2026 — post-Trail-of-Bits audit additionretrieved 2026-05-17
Docs
Hyperlane Audits — Official DocumentationTrail of Bits V3 audit Sep 25–Oct 26 2023; ChainLight Q2 2025 listedretrieved 2026-05-17

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperlane factor RD-F-024 score yellow collected_at 2026-05-16 23:03:56