Static-analyzer high-severity count
Midas's assessment for RD-F-010 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
No published Slither/Mythril/Semgrep output from any third party. Sherlock 2024-08 competitive audit (10+ auditors) identified 6 medium findings including M-4 (Corruptible Upgradability — missing storage gaps), all fixed. Sherlock 2024-05 identified H-1 (blacklist bypass, acknowledged) and M-1 (storage gap, fixed). No unresolved high/critical static-analysis findings visible in published audit results. Cannot run tools locally on private main repo. Confidence low due to absence of direct tool output; yellow rather than gray because competitive audits serve as a proxy for static analysis coverage.
Sources
- Sherlock 2024-05 Judging (GitHub): Sherlock 2024-05 judging repo — 1 high acknowledged, 2 mediums; retrieved 2026-05-16
- Sherlock 2024-08 Judging: Sherlock 2024-08 judging repo — 6 mediums, 0 high/critical; retrieved 2026-05-16
Methodology
Count the number of unique high-severity detector findings from Slither + Mythril + Semgrep run against the deployed verified source (after deduplication across tools).