★ Audit scope mismatch

Marinade Finance's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Neodyme + Sec3 Nov 2023 audits cover v2.0 upgrade; final GitHub commits (26147376, dc43b02) are dated Nov 14 2023 matching audit merge. No post-audit code commits found via GitHub API. However, verify.osec.io reports a hash mismatch: build hash daeb88a604e11a83382fd2e318abb99e455fd02a2b612227e61e0bb7b5568ab7 does not match on-chain hash d69d4cd7ff7c00df3dfe2191dbb973858de9c36a3114bdbdb65d6cc81c98ed94 (status: not verified as of 2024-01-26). Profile claims last commit 2026-02-20 but GitHub API shows Nov 2023 — discrepancy unresolved. No Solana reproducible-build attestation confirmed. Yellow: audit dates align with commits but OSEC hash mismatch and absent reproducible build create residual uncertainty.

Sources #

Audit
Sec3 Marinade 2023 AuditSec3 November 2023 audit of v2.0 liquid staking upgraderetrieved 2026-05-16
URL
OSEC Verify — Marinade Liquid Staking Programverify.osec.io build hash daeb88a604e11a83 vs on-chain d69d4cd7ff7c00df — not verified record as of 2024-01-26retrieved 2026-05-16
GitHub
Marinade liquid-staking-program commits APIGitHub API most recent commit SHA 26147376b75d8c971963da458623e646f2795e15 dated 2023-11-14retrieved 2026-05-16
Audit
Neodyme Marinade 2023 AuditNeodyme November 2023 audit of v2.0 liquid staking upgraderetrieved 2026-05-16

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol marinade factor RD-F-001 score yellow collected_at 2026-05-16 08:48:35