★ Post-audit code changes without re-audit

Kinetiq's assessment for RD-F-139 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

April 7 2026 batch upgrade deployed new implementations for 5 core contracts. Most recent kHYPE-core audit covering these contracts: Spearbit June 2025 (~10 months prior). November 2025 Pashov audit covered instant-unstake feature only. No audit found specifically covering the April 2026 implementation changes. Changes appear operational rather than architectural based on tx context, and Cantina bug bounty ($5M max) is running. Scored yellow not red based on (a) operational change context and (b) continuous bug bounty program. However, the deployed bytecode is unaudited relative to any recent audit engagement.

Sources #

URL
Kinetiq audit reports indexaudits.kinetiq.xyz: khype-lst-june-2025-spearbit.pdf covers core contracts (most recent core audit)retrieved 2026-05-17
Tx
April 2026 upgrade — post-audit driftApril 2026 upgrade to 5 unaudited implementations; most recent core audit June 2025 Spearbitretrieved 2026-05-17
URL
Kinetiq Cantina bug bounty (continuous coverage)Cantina bug bounty $5M max running since 2025-09-15; in-scope: kHYPE, StakingManager, etc.retrieved 2026-05-17

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol kinetiq factor RD-F-139 score yellow collected_at 2026-05-17 15:29:57