Deployed bytecode reproducibility

Midas's assessment for RD-F-145 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Private main repo and no published reproducible build instructions for post-audit implementations. Compiler is Solidity 0.8.9 (visible in Etherscan source metadata). Sherlock audit commits (0b1644f, 4abcc5b) provide reference bytecode for the audited versions, but post-audit deployed implementations (Sep-2024, Apr-2025, Dec-2025) come from private repo commits with no public build reproducibility declaration.

Sources #

Etherscan
mTBILL impl — Etherscan compiler metadataEtherscan source metadata: Solidity v0.8.9+commit.e5eed63a, optimization enabled 200 runsretrieved 2026-05-16

Methodology #

Determine whether anyone can independently reproduce the deployed bytecode from the repo and declared build toolchain.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol midas factor RD-F-145 score yellow collected_at 2026-05-16 09:34:55