Auditor re-engaged after last exploit

Marinade Finance's assessment for RD-F-083 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No external security audit specifically covering the SAM delegation logic identified post-incident. The 2024 Neodyme audit covered the Validator Bond program (not SAM delegation calculation). The SAM logic is partially off-chain. MIP-19 proposes mechanism changes but does not reference a formal security audit. Yellow: re-audit not confirmed for the affected component; Neodyme 2024 is a post-incident audit but for a different component scope.

Sources #

URL
MIP-19: Improving SAM — Marinade Governance ForumMIP-19 governance — mechanism fix without referenced external auditretrieved 2026-05-16
URL
Marinade Security Audits — Marinade DocsMarinade audits page — Neodyme 2024 covered Validator Bonds, not SAM delegationretrieved 2026-05-16

Methodology #

Determine whether a reputable auditor performed a re-audit or incident review after the most recent exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol marinade factor RD-F-083 score yellow collected_at 2026-05-16 08:48:35