★ Audit scope mismatch

Meteora's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

All programs audited by multiple firms with version-labeled reports (DLMM v0.11.0, DBC v0.1.10, DAMM v2 v0.2.0, Dynamic Vault v0.9.4). No audit PDF cites a git commit SHA. All four programs tested on verify.osec.io return is_verified:false with null on-chain hash. Audit-to-deployed-bytecode cryptographic linkage is absent; version-label matching only.

Sources #

GitHub
Meteora Audits Repository - DLMM DirectoryMeteoraAg/audits DLMM directory - version-labeled filenames, no commit SHAretrieved 2026-05-16
Docs
Meteora DLMM Audit Documentationdocs.meteora.ag/resources/audits/dlmm - version-labeled reports, no SHA citedretrieved 2026-05-16
URL
OtterSec Verify - DBC Program dbcij3LWUppWqq96dh6gJWwBifmcGfLSB5D4DuSMaqNverify.osec.io DBC program not verifiedretrieved 2026-05-16
URL
OtterSec Verify - DLMM Program LBUZKhRxPF3XUpBCjp4YzTKgLccjZhTSDM9YuVaPwxoverify.osec.io DLMM program not verifiedretrieved 2026-05-16

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol meteora factor RD-F-001 score yellow collected_at 2026-05-16 10:03:05