★ Audit scope mismatch

Liquity V1 + V2 (LUSD / BOLD)'s assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v2 has 10 audit engagements with specific commit SHAs (Dedaub Aug-2024 @ 2a859733, Nov-2024 @ 96fa8431, Cantina-fixes May-2025 @ abe7cbfb). Mainnet deployment commits are e367755/b40fa9b (May 19, 2025). The fixes-review commit abe7cbfb is temporally close to deployment (6 days); deployment commit diff shows only addresses/broadcast files changed (not contract source), strongly implying contract bytecode matches fixes-review scope. Etherscan shows Exact Match verification for v2 TroveManager and BorrowerOperations. No single audit PDF explicitly cites the deployed commit SHA — gap is not fully verifiable from public sources without eth_getCode comparison.

Sources #

Audit
Liquity v2 Cantina Fixes Review (Dedaub, May 13 2025)Dedaub v2 Cantina-fixes review, commit abe7cbfbd465fba3812282c51773455766a70e96retrieved 2026-05-16
Audit
Liquity v2 Core Protocol Audit Report I (Dedaub, Aug 2024)Dedaub v2 Aug-2024 audit, commit 2a859733retrieved 2026-05-16
Etherscan
v2 TroveManager Etherscan source verificationv2 TroveManager 0x7bcb64b2c9206a5b699ed43363f6f98d4776cf5a, solc 0.8.24, Exact Match, Cancunretrieved 2026-05-16
Commit
Liquity bold mainnet deployment commitMainnet deployment commit e367755 (May 19 2025, addresses/1.json + broadcast files only changed)retrieved 2026-05-16

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquity factor RD-F-001 score yellow collected_at 2026-05-16 10:35:50