Code complexity vs audit coverage
Lombard Finance's assessment for RD-F-024 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
14+ audit engagements across 7 firms covering every major contract module: V1 core (Halborn 13-day, Veridise 9-day), V2 full stack (OZ 32-day Golang+EVM, Veridise 65-day EVM only, Halborn V2), Yield Bearing (OZ + Sherlock), StakeAndBake (ABDK), BridgeV2/BTC.b (OZ), Multipauser (OZ + Sherlock). Each successive audit targeted a specific feature set rather than the entire codebase, keeping scope focused and audit depth appropriate. OZ V2 at 32 days covering the most complex release (39 findings identified) demonstrates adequate depth. No indication of audit-complexity ratio exceeding reasonable bounds.
Sources
- Audit: OpenZeppelin V2 Audit Summary. OZ V2: 32-day scope, 39 findings — adequate for codebase complexity. Retrieved 2026-05-05.
Methodology
Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.