defirisk.co
rubric v1.7.0

OpenEden

Multi-product RWA tokenized asset issuer: TBILL (ERC-4626 US T-bill vault, Moody's A-rated) and USDO (Bermuda-licensed yield-bearing stablecoin backed by tokenized Treasuries, cross-chain via Chainlink CCIP). Corporate-governed; no DAO. Multi-substrate: Ethereum, XRPL (non-EVM, ~31% TVS), Polygon, Solana, Arbitrum, Base.

Sector rwa
TVL $128.1M
Reviewed May 16, 2026
Factors 184
Categories 13
Risk score 40.5
Deployments Ethereum · $84.8M

01 Risk profile at a glance

1 red · 5 yellow · 6 green

02 Categories & evidence

184 factors · 13 categories
Code & audits Yellow 36 25 of 25
RD-F-007 red Bug bounty presence & max payout No active bug bounty program found on any platform. Immunefi: null per data cache (platform: null, max_payout_usd: null). Sherlock: no program found. Cantina: no program found. HackenProof: 403 on direct URL. SECURITY.md absent from GitHub repo (cache security_md_present: false). No responsible disclosure email published in docs.openeden.com as of 2026-05-16. No disclosure path of any kind is publicly accessible.
RD-F-009 red Formal verification coverage No formal verification (Certora, Kani, Halmos, or equivalent) found in any public audit or repository. Neither Hacken nor Halborn engagements included FV scope. No FV spec files in the openeden.vault.audit GitHub repo. 0% coverage of declared critical invariants. This factor is scored rather than marked not_applicable because FV is applicable to any on-chain smart contract regardless of issuer type.
RD-F-183 red Bug bounty scope gap on highest-TVL contracts No bug bounty program exists on any platform (Immunefi null, Sherlock absent, Cantina absent, HackenProof 403, SECURITY.md absent). With zero bounty program, the highest-TVL contracts — TBILL V5 vault proxy (0xdd50C053, ~$84M TVL on Ethereum) and USDO token (0x8238884E) — are definitionally out of scope of any bounty. The absence of any program removes all economic incentive for whitehat disclosure on the most consequential EVM contracts.
RD-F-001 yellow Audit scope mismatch Hacken Nov-2024 audited OpenEdenVaultV4Impl.sol at commit 1299050d098a626fffa2a652545ee40abb9f1d7a (finalized 2024-12-10). The currently deployed implementation on the TBILL proxy is 0xc4545Bf80f935894cbe138d86b506923dab7c048, identified by Etherscan as OpenEdenVaultV5 — deployed 2025-08-14. V5 adds instant redemption (redeemIns), setRedemption(), supply cap controls, and direct mint/burn/reissue operations — material new attack surface not covered by the V4 audit. Halborn Jul-Aug 2025 covers only StabilityVault.sol (USDO TGE). No audit covers the currently deployed V5 TBILL vault implementation. Scored yellow (not red) per briefing spiko/midas refinement for RWA issuers: V5 is an upgrade of audited V4 by the same team; correct initializer/disableInitializers patterns in place.
RD-F-002 yellow Audit recency Most recent audit touching the TBILL vault: Hacken Nov-2024 (finalized 2024-12-10). From Dec 10 2024 to 2026-05-16 is approximately 523 days — in the yellow band (366–730 days). The deployed V5 implementation has no audit at all (deployed Aug 2025). Halborn Aug-2025 covers StabilityVault only. The 523-day gap applies to the last audit of any TBILL vault contract version.
RD-F-003 yellow Resolved-without-proof findings Hacken Nov-2024 (7 findings): 4 Fixed, 2 Mitigated, 1 Accepted. The Accepted finding is F-2024-7417 (Low severity: unchecked integer casting) — deliberately left in code. No critical or high severity findings. One low finding accepted without on-chain proof of fix. Oct-2023 Hacken audit PDF not accessible (403 redirect on direct URL). Yellow for the accepted low finding with no resolution proof.
RD-F-005 yellow Audit firm tier Hacken = Tier-2 (established firm, public track record, not in the Tier-1 list of ToB/OZ/ConsenSys/Certora/Sigma Prime/Spearbit/Zellic). Halborn = Tier-2. No Tier-1 audit of any currently-deployed bytecode found. Two Tier-2 firms is a solid posture but does not reach Tier-1 coverage.
RD-F-006 yellow Audit-to-deploy gap Hacken Nov-2024 finalized 2024-12-10 (V4Impl, commit 1299050d). The V5 implementation was deployed 2025-08-14 — approximately 247 days after the last audit of V4, with no V5 audit. The audit-to-deploy gap for V5 exceeds the 60-day green threshold and the 180-day red threshold, but V5 is an upgrade of audited code rather than a fresh unaudited deployment. Yellow applied for the gap between audit and V5 deploy.
RD-F-024 yellow Code complexity vs audit coverage GitHub repo has 8 total commits. Hacken Nov-2024 covered V4Impl only. V5Impl adds substantial new surface (instant redemption, mintTo/burnFrom/reIssue, setRedemption, supply cap) with no audit days covering this code. Halborn StabilityVault audit was 3 days / 1 FTE on a single separate contract. The ratio of new unaudited code complexity to audit coverage is adverse for V5. Borderline yellow: V4 was covered, V5 is genuinely new unaudited surface.
RD-F-010 gray Static-analyzer high-severity count No published Slither/Mythril/Semgrep output available for OpenEden contracts. Cache static_analysis:[]. Source is verified on Etherscan (exact match, v0.8.9) making tool runs feasible, but no programmatic analysis was performed or published. Needs tool run.
RD-F-011 gray SELFDESTRUCT reachable from non-admin path No published static analysis. Source verified on Etherscan; nothing in the ABI or contract type suggests SELFDESTRUCT usage (UUPS upgradeable typically does not use SELFDESTRUCT), but an ABI cannot show opcodes. Cannot confirm without Slither suicidal detector run.
RD-F-012 gray delegatecall with user-controlled target No published static analysis. UUPS pattern uses delegatecall internally with implementation target controlled by authorized upgrader only. User-controlled delegatecall cannot be confirmed or excluded without Slither controlled-delegatecall detector run.
RD-F-013 gray Arbitrary call with user-controlled target No published static analysis. Arbitrary call with user-controlled target cannot be confirmed or excluded without Slither arbitrary-send-eth / controlled-delegatecall detector run on verified source.
RD-F-014 gray Reentrancy guard on external-calling functions Hacken Nov-2024 did not flag reentrancy issues in V4Impl. V5 adds redeemIns() with external redemption contract call — a new external call path not in Hacken scope. Reentrancy guard presence on V5's external-calling functions cannot be confirmed without Slither analysis or source review.
RD-F-015 n/a ERC-777/1155/721 hook without reentrancy guard TBILL vault is an ERC-4626-style vault accepting ERC-20 assets (USDC). ABI shows standard ERC-20 functions. No ERC-777, ERC-1155, or ERC-721 token integration visible. This factor requires token standards with callbacks; OpenEden's vault design does not use them. Architectural reason for not_applicable.
RD-F-016 gray Divide-before-multiply pattern No published Slither divide-before-multiply output. Source verified on Etherscan. Needs tool run.
RD-F-017 gray Mixed-decimals math without explicit scaling TBILL vault handles USDC (6 decimals) and vault shares. Decimal mismatch arithmetic is plausible in ERC-4626-style vaults. Hacken Nov-2024 did not flag mixed-decimal issues in V4. V5 unaudited. Cannot confirm without source review or Slither run.
RD-F-018 gray Signed/unsigned arithmetic confusion No published symbolic execution output. Cannot assess signed/unsigned arithmetic confusion without Manticore/Echidna run or detailed source review.
RD-F-019 gray ecrecover zero-address return unchecked No published Slither ecrecover-malleable output. ABI inspection shows no permit or EIP-712 signature functions visible, suggesting ecrecover may not be used in the vault. Cannot confirm without tool run.
RD-F-020 n/a EIP-712 domain separator missing chainId TBILL vault V5 ABI does not show EIP-712 domain separator, permit, or signed-message functions. The vault operates via on-chain deposit/redeem calls without off-chain signature verification. EIP-712 domain separator factor is not applicable for a contract that does not use EIP-712 signatures. Architectural reason for not_applicable.
RD-F-004 green Audit count Two distinct audit firms with public reports covering OpenEden contracts: Hacken (two engagements: Oct-2023 and Nov-2024) and Halborn (Jul-Aug 2025). Meets the green threshold of ≥2 distinct firms. Note that Halborn's scope was limited to StabilityVault (USDO TGE) and Hacken's Nov-2024 scope was V4Impl; the TBILL V5 remains unaudited by any firm.
RD-F-008 green Ignored bounty disclosure No prior protocol security exploits recorded (cache rekt.incidents:[], defillama.hacks:[], hacksdatabase empty for openeden). With zero exploit history, there is no post-mortem documenting an ignored vulnerability disclosure. Green by absence of adverse evidence.
RD-F-021 green UUPS _authorizeUpgrade correctly permissioned V5Impl inherits UUPSUpgradeable from OpenZeppelin. OZ UUPS requires _authorizeUpgrade to be overridden with access control (standard pattern: onlyOwner). V5 source inherits OwnableUpgradeable + UUPSUpgradeable. Hacken Nov-2024 found no unprotected upgrade finding in V4. No unprotected-upgrade indicator in ABI or published audits.
RD-F-022 green Public initialize() without initializer modifier V5Impl constructor calls _disableInitializers() (confirmed via GitHub source). initialize(...) is declared external with the OpenZeppelin initializer modifier — confirmed via GitHub source and Etherscan ABI showing initialize function as nonpayable (standard OZ initializer pattern). USDO implementation (0x87e3ba) also uses initializer modifier on its initialize function. No unprotected initialize found on any inspected implementation contract.
RD-F-023 green Constructor calls _disableInitializers() V5Impl constructor confirmed to call _disableInitializers() via GitHub source inspection. USDO implementation follows the same OZ pattern. TBillPriceOracle uses a standard non-proxy constructor — _disableInitializers not applicable for non-proxy contracts. KycManager (deprecated) uses Ownable constructor. The proxied implementation contracts (V5, USDO) correctly call _disableInitializers.
Governance & admin Yellow 49 24 of 24
RD-F-032 red Timelock duration on upgrades No timelock identified on any chain. Data cache timelock_address: null. The 2025-08-14 vault V5 upgrade was executed directly by the Safe (execTransaction) without routing through any TimelockController. All prior upgrades (2024-02-15, 2024-12-20, 2024-12-23) also show no timelock intermediate. Red: no timelock on upgrades.
RD-F-033 red Timelock on sensitive actions No timelock on any of the five sensitive action categories: (1) mint — USDO MINTER_ROLE callable directly, no timelock; (2) pause — controller role, no timelock; (3) rescue/offRamp — onlyOperator, no timelock; (4) setOracle — onlyOwner (Safe), no timelock; (5) upgrade — Safe execTransaction, no timelock. All five = un-timelocked.
RD-F-040 red Emergency-veto multisig present No emergency-veto mechanism identified. The Safe itself is the only admin entity; no separate guardian with cancel power over the Safe's own transactions. No `cancel()` or veto function in vault V4Impl or USDO source. The USDO PAUSE_ROLE may be separate from Safe but provides only token-transfer freeze, not a governance-level veto.
RD-F-041 red Rescue/emergencyWithdraw without timelock offRamp(uint256 _amt) in OpenEdenVaultV4 (lines 407-411), callable by onlyOperator, can transfer the full underlying USDC balance to treasury in one call. Operator EOA 0xdBC3C410A9EdE40B86482Ca0677EccdeaF5a3fDe is a confirmed bare EOA (Phase -1) and is active (called UpdateEpoch 9 hrs before assessment). No timelock on this function. A compromised or rogue operator can drain the vault to treasury in a single transaction without multisig approval. [★ CRITICAL]
RD-F-042 red Admin has mint() with unlimited max USDO token mint(address to, uint256 amount) requires MINTER_ROLE; no supply cap enforced (implementation source confirms no maxSupply or cap() function). USDO unlimited mint for MINTER_ROLE holder with no timelock gating. TBILL vault V5 removed the admin mintTo() function (commit 47a77ab) — TBILL minting is now demand-driven via deposit flow, not directly admin-mintable. USDO unlimited MINTER_ROLE mint is the critical risk. [★ CRITICAL]
RD-F-025 yellow Admin key custody type Admin is a 4-of-5 Gnosis Safe (0x8Ec4dD2DF01c188Ac5a5D870029E9cbb820d5844, Safe v1.3.0) with no timelock. Classified as multisig (no timelock). Confirmed as DEFAULT_ADMIN_ROLE holder on TBILL Price Oracle and as the caller of the 2025-08-14 vault upgrade via execTransaction. Yellow because multisig exists (not EOA) but no timelock protects any sensitive action.
RD-F-026 yellow Upgrade multisig signer configuration (M/N) 4-of-5 threshold on Safe 0x8Ec4dD2DF01c188Ac5a5D870029E9cbb820d5844. Five owners: 0x39736Ba27Dae1dc551EF1593ccF53f57798eF424, 0x40214aE3c737Cc61088b087e15A41FfCDBd5Ad05, 0x2e8aBe537b0e8fc57F5D7d319Ce315c5fB91fAc0, 0x818566E881e762BEaC64dc32F81Ffc380680251a, 0xBdADa500EF197Dde58A6EFb5DC8EC84989E4c2c8. None publicly attested by name. Nonce=142 (active Safe). Yellow for signer identity opacity.
RD-F-027 yellow Single admin EOA Upgrade authority held by 4-of-5 Gnosis Safe (0x8Ec4dD2DF01c188Ac5a5D870029E9cbb820d5844), not a single EOA. The bare operator EOA 0xdBC3C410A9EdE40B86482Ca0677EccdeaF5a3fDe holds an operational role (UpdateEpoch, ProcessWithdraw, offRamp) but is not the upgrade authority. Yellow because the Safe controls upgrades with no timelock delay — 4 of 5 signers can upgrade instantly.
RD-F-028 yellow Low-threshold multisig vs TVL 4-of-5 threshold on $128M TVL. Peer norm for $100-200M TVL band is 3-of-5 to 5-of-8; 4-of-5 is adequate (not abnormally low). Yellow rather than green due to signer identities being undisclosed — effective resilience cannot be confirmed without knowing signer independence.
RD-F-029 gray Multisig signers co-hosted Cannot assess — five signer addresses not publicly identified; co-hosting inference not possible without knowing who the signers are.
RD-F-030 gray Hot-wallet signer flag Cannot assess — signer identities not publicly disclosed. One signer (0x2e8aBe537b) used to sign the 2025-08-14 upgrade shows small ETH balance and token trades consistent with a hot wallet, but full assessment requires all 5 signers to be analyzed.
RD-F-031 gray Signer rotation recency Safe created January 30, 2023 (nonce=142 = 142 executed txs over ~3 years). No public record of signer additions, removals, or threshold changes found. No threshold reduction detected.
RD-F-036 n/a Flash-loanable voting weight No on-chain governance token or Governor contract. Corporate-governed RWA issuer with no DAO. Architectural N/A per PD-042 RWA factor-flip.
RD-F-037 n/a Quorum achievable via single-entity flash loan No on-chain governance. No quorum threshold. Corporate-governed RWA issuer per PD-042.
RD-F-038 n/a Proposal execution delay < 24h No on-chain governance proposals. No execution delay applicable. Corporate-governed RWA issuer per PD-042.
RD-F-039 n/a delegatecall/call in proposal execution without allowlist No proposal execution path. No on-chain Governor or Timelock with proposal execution. Corporate-governed per PD-042. Architectural N/A.
RD-F-044 gray Admin wallet interacts with flagged addresses Cannot assess programmatically — no Chainalysis/TRM cluster feed available. Operator EOA 0xdBC3C410 shows routine vault ops in recent history with no obvious mixer interactions, but no formal cluster-feed check was performed. Safe signers not screened.
RD-F-045 gray Constructor args match governance proposal No governance proposal exists (corporate-governed). Deploys announced via Medium posts without constructor arg specifications. No governance proposal text to compare against.
RD-F-047 n/a Governance token concentration (Gini) No governance token. TBILL is a vault share token; USDO is a yield-bearing stablecoin. Neither functions as a governance token for an on-chain governance system. No on-chain governance.
RD-F-167 gray Deprecated contract paused but pause reversible by live admin V1 vault (0xad6250f0) is listed as deprecated in docs. Current admin (Safe 0x8Ec4dD2D) retains administrative authority over it. No TVL in deprecated vault detected. Pause state on deprecated contract not verified on-chain. Low confidence without direct on-chain check.
RD-F-034 green Guardian/pause-keeper distinct from upgrader The `controller` role in the vault manages deposit/withdraw pause states and is distinct from the `owner` (Safe) which controls upgrades. setController() is callable by owner (Safe), but the controller itself is a separate address from the upgrade authority.
RD-F-035 green Role separation: upgrade ≠ fee ≠ oracle Upgrade role = Safe 0x8Ec4dD2D. Oracle update role = OPERATOR_ROLE on Price Oracle (0xFa2E954c). Fee collection = treasury addresses configured by Safe but distinct addresses from the upgrader. Three roles are held by distinct addresses.
RD-F-043 green Admin = deployer EOA after 7 days Vault proxy deployed Oct 18, 2023 by 0x7C699ABc. The 2025-08-14 upgrade was executed by Safe 0x8Ec4dD2D (not deployer EOA). Safe was created Jan 30, 2023 (before vault v2). Admin transferred to multisig well within 7 days. Deployer EOA is not the current owner/upgrade authority.
RD-F-046 green Contract unverified on Etherscan/Sourcify All core contracts verified on Etherscan with Exact Match: TBILL vault proxy (0xdd50C053) verified; V5 implementation (0xc4545Bf80f) verified Exact Match; USDO proxy (0x8238884E) verified; USDO implementation (0x87e3Ba92) verified; TBILL Price Oracle (0xCe9a6626) verified; KYC Manager (0x51Be497A) verified.
Oracle & external dependencies Yellow 28 17 of 17
RD-F-051 red Fallback behavior on oracle failure No fallback oracle. Vault implementation has a single oracle call (tbillUsdPriceFeed.latestRoundData()). On oracle failure or staleness >7 days, the vault reverts with TBillPriceOutdated error — behavior is halt (revert), not secondary-source fallback. No try/catch, no secondary oracle, no last-known-price fallback found in vault source. Single issuer-push model with revert-on-failure means any operator outage freezes vault operations after the staleness window.
RD-F-057 red Circuit breaker on price deviation No vault-level circuit breaker on price deviation. The TBillPriceOracle itself has a 15% per-update deviation gate (comparing new price to closeNavPrice), but the vault has no independent circuit breaker checking the oracle price against any external reference. A corrupt price within ±15% of the prior NAV would be accepted unconditionally by the vault. Hacken Nov-2024 finding F-2024-7422 (oracle validation gap) was marked Fixed but the fix is input validation within the oracle, not an independent external cross-check or vault-level circuit breaker. No maxDeviationBps or priceGuard pattern found in vault source.
RD-F-049 yellow Oracle role per asset Single oracle per chain for TBILL NAV: TBillPriceOracle is Primary and only feed. No Secondary or Fallback oracle configured for either Ethereum or Arbitrum vault. Vault implementation calls tbillUsdPriceFeed.latestRoundData() with no try/catch fallback or secondary source. USDO has no confirmed on-chain oracle for pricing; it rebases based on TBILL NAV. Yellow because primary-only, no fallback documented.
RD-F-052 yellow Breakage analysis per dependency Breakage analysis: (1) TBillPriceOracle failure/staleness: vault reverts after 7 days; operator outage = protocol pause, not fund loss. (2) KYC Manager failure: all deposits/redemptions revert immediately. (3) Chainlink CCIP Router unavailability: USDO cross-chain transfers halt; local balances remain intact, no fund loss. (4) BNY Mellon off-chain failure: NAV attestation stops; oracle staleness after 7 days; vault operational pause. (5) Chainlink PoR stale: unknown impact (on-chain consumption not confirmed). Yellow: major dependencies documented with impact; no prior failure event for any dependency, but no formal mitigations published for extended BNY/operator outage.
RD-F-058 yellow Max-deviation threshold (bps) TBillPriceOracle has maxPriceDeviation = 15 (15% per-update gate comparing new price to closeNavPrice). This gate exists in the oracle itself, not the vault. No independent vault-level deviation threshold. Oracle-side 15% gate prevents single-step large manipulation within the oracle, but offers no vault-level protection. Per F057 (no vault circuit breaker), the vault-level protection is absent. Yellow: oracle-side gate exists (15%) but vault-level bps threshold is absent.
RD-F-059 yellow Oracle staleness check present Vault staleness check present: if (block.timestamp - updatedAt > 7 days) revert TBillPriceOutdated(updatedAt). Threshold is 7 days (604,800 seconds). This is wide for a daily-push NAV oracle — best practice would be 24–48 hours. However, for a T-bill NAV oracle subject to bank holidays and weekend closures, a 7-day window has documented operational rationale (3-day buffer mentioned in source context). Not red (check exists and halts on staleness), but yellow (threshold wider than best practice).
RD-F-054 n/a TWAP window duration Protocol does not use DEX-TWAP oracles. TBillPriceOracle is issuer-push/attested model. No TWAP window to measure.
RD-F-055 n/a Oracle pool depth (USD) No DEX-TWAP oracle used. Issuer-push model has no underlying pool depth. Not applicable.
RD-F-056 n/a Single-pool oracle (no medianization) No DEX pool oracle used. Issuer-push model: medianization across venues is not the applicable framing. Factor targets DEX pool oracle medianization; not applicable to operator-attested NAV feed.
RD-F-060 n/a Chainlink aggregator min/max bound misconfig TBillPriceOracle is a custom issuer-push oracle, not a Chainlink AggregatorV3. No minAnswer/maxAnswer bounds to assess. Chainlink PoR feed (announced March 2025 for USDO) has unconfirmed on-chain address — cannot assess its bounds. Factor targets Chainlink aggregator bounds specifically; not applicable to custom push oracle.
RD-F-181 n/a Permissionless-pool lending oracle OpenEden TBILL is an RWA vault issuer, not a lending protocol. USDO is an RWA-backed stablecoin, not a lending market that accepts permissionlessly-listed collateral. No permissionless pool oracle acceptance logic exists. Per briefing pre-mark and PD-024 RWA type applicability, this factor is structurally not applicable for RWA issuers.
RD-F-048 green Oracle providers used TBILL uses a single issuer-push/attested oracle (TBillPriceOracle, OpenEden-operated) on Ethereum (0xCe9a6626Eb99eaeA829D7fA613d5D0A2eaE45F40) and Arbitrum (0xc0952c8ba068c887B675B4182F3A65420D045F46). The oracle exposes a Chainlink-compatible interface (latestRoundData()) but data is operator-attested NAV, not a DEX pool. No TWAP or spot DEX oracle used. Chainlink Proof of Reserve announced March 2025 for USDO backing verification; on-chain feed address not confirmed in public docs as of 2026-05-16. Multiple Chainlink feed addresses in the data-cache oracle_feeds block appear to be pipeline noise — none confirmed as consumed by TBILL vault logic.
RD-F-050 green Dependency graph (protocols depended upon) External dependency graph enumerated: TBillPriceOracle (issuer-push NAV), KYC Manager (gating all deposits/redemptions), Chainlink CCIP Router (USDO cross-chain CCT), Chainlink Proof of Reserve (USDO backing, announced March 2025), BNY Mellon off-chain (T-bill custody + investment management), Elliptic off-chain (AML screening), LI.FI (frontend routing only). XRPL surface is separate substrate. Breakage impact documented: BNY pipeline failure → oracle staleness → vault pause after 7 days. Green: major dependencies are highly reliable (BNY, Chainlink) with established track records; no single dependency with prior failure event.
RD-F-053 green Oracle source = spot DEX pool (no TWAP) [★ CRITICAL — green] TBillPriceOracle is issuer-push/attested. No DEX pool interaction. Operator submits NAV price via updatePrice(uint256 price) with onlyAdminOrOperator access control. No slot0(), getReserves(), or Uniswap TWAP calls. The vault calls latestRoundData() on this custom oracle. RWA NAV not manipulable via DEX flash loan. F053 criteria (spot DEX pool with no TWAP) are not met — oracle source is authorized operator attestation, not a DEX.
RD-F-061 green LP token balanceOf used for pricing TBILL vault does not use LP token balanceOf for pricing. Price is derived from TBillPriceOracle via latestRoundData() — issuer-attested NAV, not a balanceOf call. No LP tokens in the price calculation path.
RD-F-062 green External keeper/relayer not redundant No external keeper/relayer dependency identified. Vault epoch updates (updateEpoch calls) originate from operator EOA or admin addresses directly — not Gelato, Chainlink Automation, or any third-party keeper service. Centralized operator model; not a keeper dependency. The operator is permissioned (RWA model), so single-operator reliance is a governance risk (assessed separately), not a keeper-redundancy risk under F062.
RD-F-180 green Immutable oracle address [★ CANDIDATE per PD-017; promoted ★ by T-14 2026-04-22] Oracle address is NOT immutable. Vault implementation exposes setTBillPriceFeed(address _priceFeed) allowing the owner to replace the oracle. The tbillUsdPriceFeed state variable is mutable (confirmed via tbillUsdPriceFeed() view function returning current address). No immutable keyword found on oracle-related variables in either TBillPriceOracle.sol or the vault implementation. The oracle can be swapped via a single admin action. Residual risk: setTBillPriceFeed has no timelock (a Cat 2 F033 concern), but that is timelocking risk, not oracle-immutability risk. F180 criteria (oracle address immutable with no admin-replaceable adapter) not met; score green.
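The consumption pattern RD-F-051, RD-F-057 and RD-F-059 describe (one latestRoundData() call, a 7-day staleness revert, no vault-level deviation gate) can be modelled directly. The Python below is an added example, not OpenEden code: `vault_price_as_described` applies only the check the page reports in the vault, and `HardenedConsumer` adds the controls the page reports as absent (a 48-hour window, round-completeness, a vault-side deviation gate against the last price the vault itself accepted). The round data, timestamps, the 6-decimal NAV scaling, the 48h/100 bps thresholds and the error names other than TBillPriceOutdated are constructed assumptions.

```python
"""Added example, not OpenEden code: models how a vault consumes a push-style
NAV oracle. `vault_price_as_described` applies only the check RD-F-059 reports
in the vault (revert when the round is older than 7 days); `HardenedConsumer`
adds the vault-level controls RD-F-051/057 report as absent. The thresholds,
round data and timestamps are constructed sample values."""
from dataclasses import dataclass
from typing import Optional

DAY = 86_400
T0 = 1_800_000_000                       # constructed "now"


@dataclass(frozen=True)
class Round:
    """Fields of an AggregatorV3-style latestRoundData() answer."""
    round_id: int
    answer: int                          # NAV scaled to 6 decimals (assumed)
    updated_at: int
    answered_in_round: int


class TBillPriceOutdated(Exception):
    """Name taken from the revert the page quotes; the other errors are invented."""


class TBillPriceInvalid(Exception):
    pass


class TBillPriceDeviation(Exception):
    pass


def vault_price_as_described(rnd: Round, now: int, max_age: int = 7 * DAY) -> int:
    """Staleness-only consumer: accepts any answer newer than max_age."""
    if now - rnd.updated_at > max_age:
        raise TBillPriceOutdated(rnd.updated_at)
    return rnd.answer


@dataclass
class HardenedConsumer:
    """Tighter window, round-completeness, and a deviation gate against the last
    price this consumer accepted (independent of any gate inside the oracle)."""
    max_age: int = 2 * DAY
    max_deviation_bps: int = 100         # T-bill NAV drifts only a few bps a day
    last_accepted: Optional[int] = None

    def consume(self, rnd: Round, now: int) -> int:
        if rnd.answer <= 0:
            raise TBillPriceInvalid("non-positive answer")
        if rnd.answered_in_round < rnd.round_id:
            raise TBillPriceInvalid("incomplete round")
        if rnd.updated_at > now or now - rnd.updated_at > self.max_age:
            raise TBillPriceOutdated(rnd.updated_at)
        if self.last_accepted is not None:
            drift_bps = abs(rnd.answer - self.last_accepted) * 10_000 // self.last_accepted
            if drift_bps > self.max_deviation_bps:
                raise TBillPriceDeviation(drift_bps)
        self.last_accepted = rnd.answer
        return rnd.answer


def outcome(check, *args) -> str:
    """Report the accepted price or the revert reason as a string."""
    try:
        return f"accepted:{check(*args)}"
    except (TBillPriceOutdated, TBillPriceInvalid, TBillPriceDeviation) as exc:
        return f"revert:{type(exc).__name__}"


# Constructed rounds: a good fresh round, a round that will be 5 days old when
# read, a +12% jump that stays inside a 15% oracle-side gate, and a round whose
# answer is still being aggregated (answeredInRound < roundId).
R_FRESH = Round(10, 1_050_000, T0, 10)
R_STALE = Round(11, 1_050_200, T0 + DAY, 11)
R_SPIKE = Round(12, 1_176_000, T0 + DAY, 12)
R_INCOMPLETE = Round(13, 1_050_300, T0 + DAY, 12)


def demo() -> dict:
    """Run each round through both consumers; hardened state carries across."""
    hardened = HardenedConsumer()
    return {
        "fresh": (outcome(vault_price_as_described, R_FRESH, T0),
                  outcome(hardened.consume, R_FRESH, T0)),
        "five_days_old": (outcome(vault_price_as_described, R_STALE, T0 + 6 * DAY),
                          outcome(hardened.consume, R_STALE, T0 + 6 * DAY)),
        "plus_12pct": (outcome(vault_price_as_described, R_SPIKE, T0 + DAY),
                       outcome(hardened.consume, R_SPIKE, T0 + DAY)),
        "incomplete": (outcome(vault_price_as_described, R_INCOMPLETE, T0 + DAY),
                       outcome(hardened.consume, R_INCOMPLETE, T0 + DAY)),
        "eight_days_old": (outcome(vault_price_as_described, R_FRESH, T0 + 8 * DAY),
                           outcome(hardened.consume, R_FRESH, T0 + 8 * DAY)),
    }


if __name__ == "__main__":
    for name, (described, hard) in demo().items():
        print(f"{name:15} described={described:28} hardened={hard}")
```

The 12% round is the case the page calls out: it clears the oracle's own 15% gate and the 7-day staleness test, so the described consumer takes it at face value, while a vault-side gate keyed to the vault's last accepted price rejects it. The deviation gate also has a failure mode of its own: if a legitimate NAV step ever exceeds the threshold, the vault halts until an admin intervenes, which is the halt-vs-fallback trade-off RD-F-051 describes.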
Economic risk Yellow 40 13 of 13
RD-F-074 red ERC-4626 virtual-share offset (OZ ≥4.9) OpenEdenVaultV4Impl.sol uses custom ERC-4626-style share accounting WITHOUT the OpenZeppelin >= 4.9 virtual-share offset. The _convertToShares function is: assets.mulDiv(tbillDecimalScaleFactor, tbillUsdcRate()) — a pure rate-based formula with no virtual offset added to totalSupply or totalAssets. totalAssets() computes (totalSupply() * tbillUsdcRate()) / tbillDecimalScaleFactor with no virtual shares added. V5Impl.sol initializer sets tbillDecimalScaleFactor = 10 ** _underlying.decimals() (6 for USDC) but mints ZERO initial shares (no dead-shares seed). This means on an empty vault, an attacker who can donate USDC directly to the vault contract before the first legitimate deposit can inflate the share price, causing subsequent depositors to receive fewer shares than expected (rounding down to zero for small deposits). Caveat: because both conversions are driven by tbillUsdcRate() rather than by the vault's USDC balance, a direct USDC donation does not by itself move the exchange rate the way it does in a balanceOf-based vault; the rounding-down-to-zero exposure for small deposits follows from the rate and scale factor alone, so the donation step only matters if some balance-dependent path feeds the rate. The TBILL vault is NOT ERC-4626 OZ >= 4.9 compliant in this regard. Mitigating context: (1) All depositors must be KYC whitelisted — non-whitelisted parties cannot call
RD-F-064 yellow TVL concentration (top-10 wallet share) 42 total TBILL holders across all chains (Ethereum 34, XRPL 3, Arbitrum 3, Solana 2). With only 42 holders, top-10 wallet concentration is structurally very high (likely >80%). XRPL substrate holds 30.96% (~$39.67M) anchored significantly by Ripple's $10M Aug-2024 investment — single-entity concentration risk. 30-day active addresses: 11. Institutional-only access ($100K minimum subscription) means the holder base is concentrated by design. A single large institutional exit (as occurred Oct-2024: ~$30M withdrawal post co-founder termination) can produce outsized TVL movement.
RD-F-065 yellow Liquidity depth per major asset No DEX or AMM secondary market for TBILL found. Primary redemption is KYC-gated (whitelist mandatory), T+1 US business day settlement, minimum $1 USDC. Institutional-only with $100K minimum subscription. Monthly transfer volume ~$34.7M (32 transfers) at rwa.xyz is primary-market activity, not secondary DEX liquidity. No on-chain 2%/5% price-impact depth measurable — TBILL is not listed on any DEX. USDO is designed for DeFi composability (cUSDO wrapper, Chainlink CCIP for Base), but no significant DEX liquidity pool found at assessment time. Effective liquidity for any holder seeking exit: primary redemption queue only, subject to T+1 settlement and KYC restrictions.
RD-F-075 yellow First-depositor / share-inflation guard The vault implements a firstDepositMap[sender] + firstDepositAmt check: first-time depositors must meet a higher minimum deposit threshold. This is semantically a UX guardrail / minimum-size enforcement, NOT a share-inflation attack defense. The firstDepositAmt check prevents a first-time depositor from making an undersized deposit, but it does NOT prevent a pre-existing USDC donation from inflating the exchange rate before a legitimate first depositor arrives. No dead shares are burned at vault deployment. No seed deposit is made by the protocol operator at initialization. The _validateKyc(sender, _receiver) call in the deposit function means only whitelisted addresses can deposit — this is the effective practical guard against external inflation attacks (non-whitelisted attackers cannot execute the second step). Full red is averted by this KYC functional mitigation. The Arbitrum vault at ~$13K TVL is near-empty and represents the highest exposure. Assessment: yellow — a partial guard
RD-F-066 n/a Utilization rate (lending protocols) OpenEden has no borrow markets. Not a lending protocol. Cache confirms borrow.present=false, total_borrowed_usd=null. PD-024 designates F066 as lending-only N/A.
RD-F-067 n/a Historical bad-debt events No lending or collateral mechanism exists. No borrow positions, no liquidations, no bad-debt accumulation possible in TBILL vault architecture. PD-024 lending-only designation applies.
RD-F-068 n/a Collateralization under stress No leveraged collateral positions exist. TBILL is 1:1 backed by T-bill pool; no collateral stress simulation applicable. USDO is backed by T-bills and reverse repurchase agreements. No under-collateralized positions possible in current architecture. PD-024 lending-only designation applies.
RD-F-069 n/a Algorithmic / under-collateralized stablecoin USDO is a fully-collateralized yield-bearing stablecoin backed by US Treasury bills and reverse repurchase agreements. It is NOT an algorithmic or under-collateralized stablecoin design. Peg maintained via redemption at NAV, not seigniorage mechanics. TBILL is fully backed 1:1 by T-bill pool. Per briefing §7: 'USDO is RWA-backed, NOT an algo stablecoin; TBILL is fully-backed.' PD-024 and briefing pre-mark both confirm not_applicable.
RD-F-070 n/a Empty cToken-style market (zero supply/borrow) OpenEden is an original RWA vault issuer, NOT a Compound V2 fork. No cToken-style markets exist. The empty-market donation-exploit pattern (zero totalSupply + zero totalBorrow on a listed cToken market) has no equivalent in the TBILL vault architecture. Per taxonomy Cat 4 note: F070 is 'Compound-fork-only'. Per briefing pre-mark: 'F070 not_applicable (Compound-fork-only; OpenEden is an RWA issuer).'
RD-F-071 n/a Seed-deposit requirement for new market listing No Compound-style per-market listing governance exists. TBILL is a single-product vault, not a multi-market lending protocol with market-listing mechanics. PD-024 lending-only designation applies.
RD-F-072 n/a Market-listing governance threshold No permissionless or governance-threshold market listing mechanism. OpenEden adds products via corporate decision. No on-chain governor or DAO. PD-024 lending-only designation applies.
RD-F-073 n/a Oracle-manipulation-proof borrow cap No borrow mechanism; no per-asset borrow cap configuration exists. OpenEden does not enable borrowing against deposited assets. PD-024 lending-only designation applies.
RD-F-063 green TVL (current + 30d trend) TVL $128.12M as of 2026-05-16T09:41:48Z (DefiLlama cache). 30-day change -12.92%. 12-month peak $161.69M (~2025-04-28). Protocol active ~37 months since beta (2023-03-28). TVL exceeds $100M coverage threshold. Declining from Apr-2025 peak but remains above threshold.
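RD-F-074 and RD-F-075 turn on how a donation before the first deposit interacts with the share formula. The Python below is an added example, not the project's code: it runs the same attacker-deposits, donates, victim-deposits sequence against a pre-OZ-4.9 balanceOf-based vault, an OZ >= 4.9 virtual-offset vault, and a rate-based vault shaped like the _convertToShares and totalAssets formulas quoted in RD-F-074. The class and field names (`scale`, `rate` standing in for tbillDecimalScaleFactor and tbillUsdcRate()), the 1.05 NAV and the attack sizes are constructed assumptions.

```python
"""Added example, not OpenEden code: three share-accounting models run against
the first-depositor donation attack that RD-F-074/RD-F-075 discuss. Amounts are
integer base units of a 6-decimal asset; the 1.05 NAV and the attack sizes are
constructed values."""
from dataclasses import dataclass

USDC = 10 ** 6


@dataclass
class BalanceVault:
    """Price driven by the vault's token balance (totalAssets = balanceOf).
    virtual_shares = virtual_assets = 0 is the pre-OZ-4.9 pattern; OZ >= 4.9
    uses virtual_shares = 10 ** _decimalsOffset() and virtual_assets = 1."""
    virtual_shares: int = 0
    virtual_assets: int = 0
    balance: int = 0
    total_supply: int = 0

    def convert_to_shares(self, assets: int) -> int:
        supply = self.total_supply + self.virtual_shares
        if supply == 0:                   # empty classic vault: 1:1
            return assets
        return assets * supply // (self.balance + self.virtual_assets)

    def convert_to_assets(self, shares: int) -> int:
        supply = self.total_supply + self.virtual_shares
        if supply == 0:
            return 0
        return shares * (self.balance + self.virtual_assets) // supply

    def deposit(self, assets: int) -> int:
        shares = self.convert_to_shares(assets)
        self.balance += assets
        self.total_supply += shares
        return shares

    def donate(self, assets: int) -> None:
        self.balance += assets            # plain ERC-20 transfer in, no shares


@dataclass
class RateVault:
    """Price driven by an oracle rate, mirroring the conversion the page quotes:
    shares = assets * tbillDecimalScaleFactor / tbillUsdcRate(). `scale` and
    `rate` stand in for those two values (assumed names)."""
    scale: int = USDC                     # 10 ** underlying.decimals()
    rate: int = 1_050_000                 # constructed NAV: 1.05 USDC per share
    balance: int = 0
    total_supply: int = 0

    def convert_to_shares(self, assets: int) -> int:
        return assets * self.scale // self.rate

    def convert_to_assets(self, shares: int) -> int:
        return shares * self.rate // self.scale

    def total_assets(self) -> int:        # totalSupply * rate / scale, as quoted
        return self.total_supply * self.rate // self.scale

    def deposit(self, assets: int) -> int:
        shares = self.convert_to_shares(assets)
        self.balance += assets
        self.total_supply += shares
        return shares

    def donate(self, assets: int) -> None:
        self.balance += assets


def run_attack(vault, attacker_deposit: int, donation: int, victim_deposit: int) -> dict:
    """Attacker front-runs the first real deposit, donates to skew the price,
    then the victim deposits. Reports shares minted and redeemable value."""
    attacker_shares = vault.deposit(attacker_deposit)
    vault.donate(donation)
    victim_shares = vault.deposit(victim_deposit)
    return {
        "attacker_shares": attacker_shares,
        "victim_shares": victim_shares,
        "attacker_redeem": vault.convert_to_assets(attacker_shares),
        "victim_redeem": vault.convert_to_assets(victim_shares),
    }


def compare(attacker_deposit: int = 1, donation: int = 10_000 * USDC,
            victim_deposit: int = 10_000 * USDC) -> dict:
    """Same attack against all three models."""
    classic = BalanceVault()
    oz = BalanceVault(virtual_shares=10 ** 6, virtual_assets=1)
    rate = RateVault()
    results = {
        "classic": run_attack(classic, attacker_deposit, donation, victim_deposit),
        "oz_offset6": run_attack(oz, attacker_deposit, donation, victim_deposit),
        "rate_based": run_attack(rate, attacker_deposit, donation, victim_deposit),
    }
    # In the rate model the donation never enters pricing: it sits in the
    # contract balance but totalAssets() does not see it.
    results["rate_based"]["uncounted_balance"] = rate.balance - rate.total_assets()
    return results


if __name__ == "__main__":
    for model, result in compare().items():
        print(model, result)
```

Running it shows the classic model minting the victim 0 shares and letting the attacker redeem the whole pot, the virtual-offset model turning the donation into a loss for the attacker with the victim out only a few thousand base units, and the rate model minting the victim exactly the shares it would receive with no donation at all, while the donated USDC sits in the contract balance uncounted by totalAssets(). The rate model's only rounding-to-zero case is a dust deposit worth less than one share at the current rate, which is why `compare()` also shows the attacker's 1-unit deposit minting nothing.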
Operational history Green 12 15 of 15
RD-F-089 red Insurance coverage active No active insurance coverage found on Nexus Mutual, Sherlock, Unslashed, or equivalent DeFi insurance platforms. Immunefi search returned no OpenEden listing. Cache bug_bounty.platform:null. OpenEden docs (trust-and-transparency page, migration announcement, FAQ) contain no mention of insurance coverage. The protocol holds $128M TVL with zero protocol-level DeFi insurance. DeFi insurance platforms do cover RWA vault smart contract risk in principle (Nexus Mutual, Sherlock); OpenEden has not purchased or listed any coverage.
RD-F-084 yellow TVL stability (CoV over 90d) Cache tvl_cov_90d.cov = 0.1778 (mean $123.3M, std $21.9M, 90-sample window 2026-02-17 to 2026-05-16). CoV falls in the 0.15–0.35 yellow band. The elevated CoV reflects a large-depositor inflow/outflow cycle (TVL spike to ~$161M peak in late April 2025, followed by retreat to ~$128M) rather than systemic instability. The Oct-2024 co-founder event (~$30M TVL withdrawal) predates the 90-day window and is not the primary driver of the current CoV.
RD-F-081 gray Post-exploit response score No prior exploits; post-exploit response scoring is not applicable. Per methodology: gray = no prior exploits (N/A).
RD-F-082 gray Post-mortem published within 30 days No prior exploits; post-mortem publication timeline is not applicable. Per methodology: gray = no prior incidents (N/A).
RD-F-083 gray Auditor re-engaged after last exploit No prior exploits; post-incident re-audit assessment is not applicable. Per methodology: gray = no prior exploits (N/A).
RD-F-085 gray Incident response time (minutes) No prior security exploits; incident response time is not applicable. Per methodology: gray = no prior incidents (N/A). The Oct-2024 co-founder termination prompted a same-day corporate statement but is not a protocol exploit response.
RD-F-076 green Protocol age (days) TBILL beta vault first recorded TVL on 2023-03-28 (DefiLlama ts 1679961600 = $10,009). TBILL v2 proxy deployed 2023-10-18 (Etherscan block 18,376,020). Age from beta genesis = ~37 months; from v2 proxy = ~31 months. Both exceed the 365-day green threshold. Protocol has sustained real capital ($128M current TVL, $161.7M 12-month peak) without a liveness interruption.
RD-F-077 green Prior exploit count Zero protocol security exploits found. Searched: hacksdatabase/ (grep 'openeden' on all hacks/*.json files — 0 results); rekt.incidents:[]; defillama.hacks:[]; Immunefi (no program, no disclosed payouts); OSINT (no SlowMist or De.Fi entries for OpenEden). The Oct-2024 co-founder termination (Eugene Ng) is an operational/personnel event excluded from exploit base-rate per RWA personnel rule — no funds were lost or stolen.
RD-F-078 green Chronic-exploit flag (≥3 incidents) Derived from F077: 0 protocol security exploits. Chronic flag threshold is ≥3 incidents. With 0, this factor is clearly green.
RD-F-079 green Same-root-cause repeat exploit Derived from F077: 0 protocol security exploits. With no incidents, no same-root-cause repeat is possible.
RD-F-080 green Days since last exploit No exploits on record. Per methodology: green = >365 days or no incidents. Condition satisfied — no incident has ever occurred.
RD-F-086 green Pause activations (trailing 12 months) No deliberate pause activations found in the trailing 12 months (2025-05-16 to 2026-05-16). No public announcement of emergency pauses identified via web search, protocol news monitoring, or OpenEden official channels. The TBILL vault V4 implements circuit-breaker/pause functionality (per Hacken Nov-2024 audit scope), but no Paused events were reported during or after the Oct-2024 co-founder event. Score green (0 pauses in 12 months).
RD-F-087 green Pause > 7 consecutive days No pause events identified in any trailing window; therefore no pause >7 consecutive days exists. Score green per methodology.
RD-F-088 green Re-deployed to new addresses in last year The TBILL v1→v2 migration occurred in November 2023, which is outside the trailing 12-month window from 2026-05-16. The V4 implementation upgrade on 2025-08-14 was an in-place proxy upgrade at the same proxy address (0xdd50C053C096CB04A3e3362E2b622529EC5f2e8a), not a full redeployment to new addresses. Score green (no full redeployment to new address set in last 12 months).
RD-F-166 green Deprecated contracts still holding value TBILL v1 vault (0xad6250f0BD49F7a1eB11063af2cE9F25B9597b0F) is deprecated (Etherscan labels 'Old Contract', 0 transfers in 24h, 28 residual holders). Direct balance check 2026-05-16: ETH = $0; token holdings ~$274 total (25.60 LINK + 26 USDC). Well below the $100K threshold. Migration to v2 vault (0xdd50C053) is effectively complete. Score green.
Real-time signals Green 8 22 of 22
RD-F-099 yellow Oracle price deviation >X% from secondary Oracle price deviation signal (T-09 phase 2, tier-B). Partially applicable: TBILL Price Oracle at 0xCe9a6626Eb99eaeA829D7fA613d5D0A2eaE45F40 (Ethereum) is an issuer-push/attested NAV feed — not a DEX spot price. A secondary-source comparison for T-bill NAV is structurally difficult (no DEX liquidity for T-bill NAV; no canonical alternative NAV feed). Chainlink PoR (announced March 2025) covers backing attestation but not real-time price deviation. Signal architecture partially non-applicable for RWA issuer-push NAV. Issuer-push model provides lower oracle-manipulation risk than DEX-spot model. Yellow: signal applicable in principle but secondary-source mapping requires curator work and the architecture reduces risk versus a typical lending oracle.
RD-F-090 gray Mixer withdrawal → protocol interaction Mixer-withdrawal-to-protocol-interaction signal. T-09 phase 2 (tier-C advisory). Applicable to EVM portion; XRPL ~31% of TVS not monitorable by EVM mempool/cluster feed. Operator EOA 0xdBC3C410 and deployer funding chain show no labeled mixer interaction at visible public hops. Pipeline wallet-clustering feed not built. No mixer-wallet interaction observed through public Etherscan and web search sources.
RD-F-091 gray Partial-drain test transactions Partial-drain test transactions signal. T-09 v2 deferred. Oct-2024 $30M TVL drop was institutional redemption (DWF Labs withdrawal post co-founder termination), not a pre-drain test pattern. No small-value drain sequence identified in TVL history. Pipeline on-chain pattern-match not built.
RD-F-092 gray Unusual mempool pattern from deployer wallet Unusual mempool pattern from deployer wallet. T-09 v2 deferred. Operator EOA 0xdBC3C410 is active with 1,574 transactions (regular oracle-update and vault epoch operations). No unusual pattern observed. Pipeline mempool-baseline monitoring not built.
RD-F-093 gray Abnormal gas-price willingness from attacker wallet Abnormal gas-price willingness from attacker wallet. T-09 v2 deferred. No attacker wallet identified for OpenEden. Pipeline not built.
RD-F-094 gray New contract with similar bytecode to exploit template New contract deployment with similar bytecode to protocol target. T-09 v2 deferred. No matching bytecode deployment observed through public sources. OpenEden TBILL vault is an original ERC-4626 implementation (not a fork); exploit-template library for this class is sparse. Pipeline on-chain sweep not built.
RD-F-095 gray Known-exploit function-selector replay Specific function-selector call-pattern (exploit replay). T-09 v2 deferred. No known exploit-replay template for OpenEden-class RWA vault found. KYC whitelist gating reduces exposure to replay attack patterns targeting standard ERC-4626 vaults. Pipeline not built.
RD-F-096 gray New ERC-20 approval to unverified contract from whale New ERC-20 approval to unverified contract from high-TVL user. T-09 v2 deferred. TBILL is KYC-permissioned — user set is institutional and whitelisted, constraining sybil/unverified-contract approval attack surface. Whale-address enumeration not built.
RD-F-097 gray Sybil surge of identical-pattern transactions Sybil surge of identical-pattern transactions. T-09 v2 deferred. TBILL KYC whitelist structurally limits sybil-wallet attacks on the primary vault. USDO on Base may be more open; not assessed. Pipeline clustering not built.
RD-F-101 n/a Large governance proposal queued Governance proposal queued signal (T-09 v1 launch). Not applicable: OpenEden is corporate-governed with no on-chain governor, no Snapshot space, no Aragon voting, no DAO. Cache governance.type=unknown, governor_address=null. No governance contracts exist to fire this signal against.
RD-F-102 gray Admin/upgrade transaction in mempool Admin/upgrade tx in mempool signal (T-09 phase 2, tier-B). Applicable: operator EOA 0xdBC3C410 and TBILL proxy 0xdd50C053 are EVM-monitorable. Mempool listener stack not built. No upgrade pending as of 2026-05-16. Last vault upgrade to V4 implementation was 2025-08-14 (past event, not current). Signal would be applicable if wired.
RD-F-103 n/a Bridge signer-set change proposed/executed Bridge signer-set change signal (T-09 v1 launch, tier-A). Not applicable: has_bridge_surface=false. USDO uses Chainlink CCIP CCT (burn-and-mint, not ecrecover/Merkle-root bridge). XRPL TBILL is native XRPL issuance, not bridged from EVM. No bridge signer set exists to monitor. Spiko/CCIP precedent confirmed by profile §7.
RD-F-105 gray DNS/CDN/frontend hash drift DNS/frontend hash drift signal (T-09 phase 2, tier-A). Applicable: openeden.com, app.openeden.com, docs.openeden.com are live production frontends. External monitoring stack not wired. Spot check 2026-05-16: openeden.com WHOIS shows registration 2013-02-13, updated 2026-02-28, expires 2029-02-13 (active maintenance). No DNS anomaly or cert irregularity observed through public spot check. Pipeline monitoring absent.
RD-F-106 n/a Cross-chain bridge unverified mint pattern Cross-chain bridge tx pattern (deposit-src, mint-dst without proof). Not applicable: USDO uses Chainlink CCIP CCT (burn-and-mint with Chainlink attestation, not Merkle-proof); XRPL TBILL is native XRPL issuance, not bridged. Signal targets ecrecover/Merkle-root bridge deposit-without-proof patterns — not present in this protocol's cross-chain architecture. Same not_applicable ruling as for RD-F-103.
RD-F-107 gray Admin EOA signing from new geography/device Admin EOA signing from new geography/device fingerprint. T-09 v2 deferred. Applicable: operator EOA 0xdBC3C410 is actively signing transactions. Off-chain signing telemetry not available through any public source. Requires MPC/session-key provider data not publicly exposed.
RD-F-108 gray GitHub force-push to sensitive branch GitHub force-push/sensitive-branch push. T-09 v2 deferred. Applicable: github.com/OpenEdenHQ/openeden.vault.audit is public (8 commits total, last commit 2025-09-08). GitHub API monitoring not wired. No public force-push event observed. Low commit velocity (8 total commits) reduces baseline noise.
RD-F-109 gray Social-media impersonation scam spike Social-media impersonation scam-spike. T-09 v2 deferred. Applicable: OpenEden has X (@OpenEden_HQ), Telegram, LinkedIn. No scam-spike or impersonation campaign found through web search 2026-05-16. Pipeline social-media monitoring not built. KYC-gated institutional access reduces retail phishing target surface but brand impersonation risk exists.
RD-F-110 n/a Unusual pending/executed proposal ratio Unusual pending/executed governance proposal ratio. Not applicable: corporate-governed, no on-chain governor, no Snapshot, no DAO. No governance contracts exist from which proposal ratios could be computed.
RD-F-182 gray Security-Council threshold reduction (RT) Security-Council threshold reduction event (batch-24 RT signal, T-09 v1.1 candidate). Conditional applicability: signal targets Safe/multisig threshold reduction events. OpenEden has no publicly identified Safe multisig — cache safe_multisigs=[], operator is a bare EOA (0xdBC3C410). Migration announcement references 'independent third-party multisig' but no address published. If governance-admin analyst identifies a Safe address, this signal becomes applicable. Currently gray because no multisig contract is identified to monitor. Note: the bare-EOA operator pattern is a different risk (no multisig at all, single point of failure) — assessed under Cat 2 ★ factors, not this RT signal.
RD-F-098 green TVL anomaly — % drop in <1h TVL anomaly signal (T-09 v1 launch, tier-A). Applicable: EVM portion tracked via DefiLlama; XRPL ~31% coverage may have slower update cadence. Current posture: TVL $128.12M; 30d change -12.92% (gradual decline, not single-hour crash); tvl_1d_change_pct = 0.0 per cache. Oct-2024 $30M withdrawal was DWF Labs institutional redemption spread over ~24 hours — below tier-A 70%-in-1h threshold. No TVL anomaly currently firing. Signal is applicable and green.
RD-F-100 green Flash loan >$10M targeting protocol tokens Flash-loan targeting signal (T-09 phase 2, tier-B advisory). Low applicability by architecture: TBILL vault requires KYC whitelist for deposit/redeem — non-whitelisted flash-loan contracts cannot interact with vault state. NAV oracle is issuer-push (not DEX-spot-manipulable via flash loan). No on-chain governance for flash-loan-governance attacks. Primary flash-loan attack vectors are blocked by KYC gating + issuer-push NAV. Signal does not fire and low-probability by design.
RD-F-104 green Stablecoin depeg >2% on shared-LP venue Stablecoin depeg signal (T-09 v1 launch, tier-B). Low applicability: TBILL is a T-bill-backed RWA token, not a stablecoin. Protocol does not hold >5% TVL in any third-party stablecoin dependency (collateral is US T-bills, not USDC/DAI/USDT). USDO is the protocol's own T-bill-backed stablecoin — its backing is T-bills, not an algo or fractional reserve. No triggerable third-party stablecoin dependency >5% of TVL identified. Signal does not fire by design for this RWA vault architecture.
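The two TVL signals in this section (RD-F-084's 90-day coefficient of variation and RD-F-098's tier-A "% drop in under one hour") are simple enough to script. The block below is an added example, not defirisk.co's pipeline: it runs both checks over constructed TVL series. Assumptions beyond the page: population standard deviation for the CoV, and green below / red above the 0.15–0.35 yellow band the assessment quotes; the 70%-in-1h tier-A threshold is the figure given in RD-F-098.

```python
"""TVL signals for RD-F-084 (90-day coefficient of variation) and RD-F-098
(tier-A % drop within one hour), run over constructed sample series.

Added example, not defirisk.co's pipeline. Assumptions: population standard
deviation for the CoV; the 0.15-0.35 yellow band is from the assessment, the
green/red sides of it are assumed; the tier-A threshold is the 70%-in-1h
figure the assessment quotes.
"""
from statistics import mean, pstdev
from typing import List, Tuple

Sample = Tuple[int, float]  # (unix timestamp, TVL in USD)

# Constructed daily TVL series (USD): flat, one inflow/outflow cycle, partial retreat.
DAILY_TVL: List[float] = [100e6] * 30 + [160e6] * 30 + [125e6] * 30

# Constructed intraday series: gradual 1%/h drift, no single-hour crash.
GRADUAL: List[Sample] = [(h * 3600, 128e6 * (1 - 0.01 * h)) for h in range(12)]

# Constructed intraday series: ~76% of TVL leaves within 50 minutes.
CRASH: List[Sample] = [(0, 100e6), (1800, 96e6), (3000, 24e6), (7200, 24e6)]


def coefficient_of_variation(values: List[float]) -> float:
    """Population std / mean; 0.0 for an empty-mean or constant series."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0


def cov_band(cov: float) -> str:
    """Map a CoV to the rubric colour; only the yellow band is from the page."""
    if cov < 0.15:
        return "green"   # assumed
    if cov <= 0.35:
        return "yellow"  # 0.15-0.35 per the assessment
    return "red"         # assumed


def max_drop_within(samples: List[Sample], window_s: int = 3600) -> float:
    """Largest fractional drop between any two samples at most window_s apart."""
    worst = 0.0
    ordered = sorted(samples)
    for i, (t0, v0) in enumerate(ordered):
        if v0 <= 0:
            continue
        for t1, v1 in ordered[i + 1:]:
            if t1 - t0 > window_s:
                break  # samples are sorted, so later ones are further away too
            worst = max(worst, (v0 - v1) / v0)
    return worst


def tier_a_fires(samples: List[Sample], threshold: float = 0.70) -> bool:
    """Tier-A TVL anomaly: at least `threshold` of TVL gone within one hour."""
    return max_drop_within(samples) >= threshold


if __name__ == "__main__":
    cov = coefficient_of_variation(DAILY_TVL)
    print(f"90d CoV = {cov:.4f} -> {cov_band(cov)}")
    print("gradual decline fires tier-A:", tier_a_fires(GRADUAL))
    print("intraday crash fires tier-A: ", tier_a_fires(CRASH))
```

The gradual series never fires even though it loses more than 10% over the day, which is the distinction RD-F-098 draws between the Oct-2024 redemption spread over ~24 hours and a single-hour crash; the CoV, by contrast, is blind to ordering and only measures dispersion.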
Dev identity & insider risk Green 16 16 of 16
RD-F-117 red ENS/NameStone identity bound to deployer Deployer EOA 0x7C699ABc0118e5d0fac0a7f317da79275364C50 has no ENS primary name per Etherscan display (no ENS label shown on the TBILL vault contract page for its creator address). ENS absence is the expected norm for institutional RWA deployers operating via a corporate entity (River Labs Pte Ltd / OpenEden Group) — analogous to circle-usyc, spiko, midas peers. Red per rubric (no ENS/NameStone binding) but low risk-signal in institutional-corporate context; this factor is a structural red, not a behavioural-risk red.
RD-F-113 yellow Team other-protocol involvement history Core co-founders have clean institutional prior history (Gemini, Goldman Sachs, Bybit — no rug affiliations). Mild yellow from two signals: (1) co-founder Eugene Ng was also a DWF Labs partner; terminated Oct-2024 for personal-conduct allegations, not crypto fraud; DWF Labs withdrew funds from OpenEden as a result. (2) Contractor Jerome Augustine (engaged Jul 2024, resigned late Oct 2024) was founder of Braq (NFT fractionalization project, 2022–2023) where treasury NFTs were moved from a 2-of-3 multisig under disputed circumstances; The Block describes the Braq community still wondering 'where its NFTs went.' Augustine held no admin-key access at OpenEden; characterized as a consultant. Yellow (not red) because the rug-class affiliation is from a non-core contractor, not a named co-founder.
RD-F-114 yellow Deployer address prior on-chain history Deployer EOA 0x7C699ABc0118e5d0fac0a7f317da79275364C50 created TBILL vault v2 (0xdd50C053...) in block 18,376,020 (October 2023). No Chainalysis/Arkham/Nansen public label associating this address with rug-deployer class or sanctioned entity found in OSINT. Yellow (not green) because exact first-inbound funding transaction was not enumerated in this assessment: Etherscan direct fetch of deployer EOA returned 'Invalid Address' error (case-sensitivity issue in WebFetch tool). The address is confirmed as the vault creator from the contract page. OpenEden's regulatory posture (Bermuda DABA, Elliptic compliance, Coinbase Prime) is inconsistent with a rug-class deployer. Curators should manually verify funding provenance for full green.
RD-F-115 yellow Prior rug/exit-scam affiliation No core co-founder (Jeremy Ng, Duke Du) linked to prior rug or exit scam. Eugene Ng (co-founder, terminated Oct 2024) terminated for personal conduct, not crypto fraud. Jerome Augustine (biz-dev contractor, Jul–Oct 2024) is founder of Braq (2022–2023), a failed NFT fractionalization project where treasury NFTs were moved from a 2-of-3 multisig under disputed circumstances. The Block describes Braq community awaiting resolution; Augustine stated intent to repay. OpenEden characterized him as a consultant (not core team, no admin-key access). Yellow because a contractor with a disputed prior project was briefly associated with OpenEden, not meeting the red threshold of a confirmed rug affiliation for a core team member.
RD-F-123 yellow Sudden admin-rescue/ACL change without discussion Two events assessed: (1) Nov-2023 full-launch migration announcement references 'independent third-party multisig' as a security measure but discloses no address, threshold, or signers; no public GitHub issue/PR or governance forum discussion of the admin-key transition is locatable. (2) Dec 2024 proxy upgrades (implementation changed Dec 20 + Dec 23, 2024 per Etherscan events) occurred after Eugene Ng termination (Oct 31, 2024); no corresponding public PR discussion, governance-forum rationale, or team announcement explaining admin-key implications was found. The EDEN governance portal (Tally, launched Jan 2026) covers EDEN token proposals, not vault admin-key management. Yellow per RWA-corporate-issuer norm (circle-usyc/spiko/superstate/midas precedent at PD-042): institutional issuers do not publicize admin-key arrangements; opacity is corporate governance norm, not demonstrated concealment.
RD-F-184 gray Real-capital social-engineering persona No curator-flagged social-engineering persona with ≥$1M real-capital deposits to OpenEden or peer protocols identified. The Oct-2024 co-founder termination event (Eugene Ng) was a corporate-misconduct situation, not a Drift/UNC4736-class infiltration. Contractor Jerome Augustine (Braq) was a biz-dev consultant without admin-key access; his role does not fit the social-engineering credentialing pattern. No Drift-class persona identified in OSINT. Gray because categorical confirmation that no such persona exists requires curator cross-source verification beyond available OSINT.
RD-F-111 green Team doxx status Three co-founders are fully real-name identified: Jeremy Ng (CEO; Goldman Sachs 1999-2015, Deutsche Bank, Leonteq Asia CEO, Gemini APAC MD; CFA charterholder since 2003; 5K LinkedIn followers; Milken Institute + Conviction 2026 conference appearances); Duke Du (CTO; ex-Bybit DeFi team tech lead; Singapore PEP; LinkedIn + GitHub dukedaily active); Eugene Ng (co-founder, terminated Oct 2024 for personal conduct; former Gemini APAC head of BD; identity confirmed via multiple news sources). Exceeds green threshold of ≥2 core team members real-name with verifiable prior professional history.
RD-F-112 green Team public accountability surface Jeremy Ng: ≥5 verifiable trails (LinkedIn with full 1999–present employment history; IQ.wiki bio; RootData profile; Forkast News author page; Milken Institute + Conviction 2026 conference appearances; multiple TradFi employer records via FinanceMagnates). Duke Du: ≥3 trails (LinkedIn employment history; GitHub dukedaily 294 followers with public Solidity tutorials; Bybit prior role verifiable via search). Both active leadership members exceed the green threshold of ≥3 verifiable trails per core member.
RD-F-116 green Contributor tenure at admin-permissioned PR All 8 commits in the public audit repo openeden.vault.audit are by 'dukedaily' (Duke Du, CTO co-founder). Duke Du is a co-founder with 3+ years tenure at OpenEden (founded 2022). His prior role at Bybit and education (Shenyang Ligong University, Computer Software Engineering 2008–2012) provide a verifiable technical background. No external or short-tenure contributor is the author of admin-permissioned code changes in the public repo. Exceeds green threshold of ≥180 days tenure.
RD-F-118 green Handle reuse across failed/rugged projects No social handles for core co-founders (Jeremy Ng, Duke Du) identified as previously associated with rugged or failed projects under different aliases. Eugene Ng deleted his X profile post-termination but his identity was not associated with a prior rug alias. Jerome Augustine (contractor) operated under his own name with Braq — no alias-switching handle reuse detected. No rug-class handle reuse found for any OpenEden core or contractor personnel.
RD-F-119 green Commit timezone consistent with stated geography All 8 public commits in openeden.vault.audit are by 'dukedaily' (Duke Du). GitHub profile timezone for dukedaily confirmed as UTC+8 (Singapore Standard Time) via search results citing his LinkedIn/GitHub metadata. Commit dates (Jul 11 – Sep 8, 2025) are consistent with UTC+8. No DPRK-precursor UTC+9 anomaly detected. Commit pattern is consistent with stated Singapore geography.
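RD-F-119 compares the UTC offsets in a repository's author dates with the contributor's stated geography. The block below is an added example, not defirisk.co's pipeline: it takes `git log --format='%an|%aI'` style lines (author name, ISO-8601 strict author date), builds an offset profile, and reports whether the share of commits off the expected offset stays within a tolerance. The two logs are constructed with placeholder author names; they are not the real commit history of openeden.vault.audit.

```python
"""Commit-timezone consistency check for RD-F-119: do the UTC offsets in a
repository's author dates match the contributor's stated geography?

Added example, not defirisk.co's pipeline. Input is in the shape of
`git log --format='%an|%aI'` (author name | ISO-8601 strict author date);
the two logs below are constructed, with placeholder author names, not the
real commit history of openeden.vault.audit.
"""
from collections import Counter
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

Commit = Tuple[str, datetime]

# Constructed: every commit carries the offset expected for Singapore (UTC+8).
CONSISTENT_LOG = """\
author-a|2025-07-11T14:22:05+08:00
author-a|2025-07-18T10:03:41+08:00
author-a|2025-08-14T09:47:12+08:00
author-a|2025-09-08T16:30:59+08:00
"""

# Constructed: one commit in four carries a different offset.
MIXED_LOG = """\
author-a|2025-07-11T14:22:05+08:00
author-a|2025-07-18T10:03:41+08:00
author-a|2025-08-14T09:47:12+09:00
author-a|2025-09-08T16:30:59+08:00
"""


def format_offset(delta: timedelta) -> str:
    """Render a UTC offset as +HH:MM / -HH:MM."""
    total = int(delta.total_seconds())
    sign = "+" if total >= 0 else "-"
    total = abs(total)
    return f"{sign}{total // 3600:02d}:{(total % 3600) // 60:02d}"


def parse_git_log(text: str) -> List[Commit]:
    """Parse 'name|ISO-8601' lines; the offset in the date is the author's clock."""
    commits: List[Commit] = []
    for line in text.strip().splitlines():
        author, iso_date = line.split("|", 1)
        commits.append((author.strip(), datetime.fromisoformat(iso_date.strip())))
    return commits


def offset_profile(commits: List[Commit]) -> Dict[str, int]:
    """Count commits per UTC offset string ('naive' if the date had none)."""
    counts: Counter = Counter()
    for _, when in commits:
        offset = when.utcoffset()
        counts[format_offset(offset) if offset is not None else "naive"] += 1
    return dict(counts)


def check_geography(commits: List[Commit], expected_offset: str,
                    tolerance: float = 0.0) -> Tuple[bool, float, Dict[str, int]]:
    """Return (consistent, share of commits off the expected offset, profile).

    `consistent` is True when the off-offset share is within `tolerance`
    (0.0 means every commit must match; travel or CI commits need some slack).
    """
    profile = offset_profile(commits)
    total = sum(profile.values())
    if total == 0:
        return (False, 0.0, profile)
    unexpected = total - profile.get(expected_offset, 0)
    share = unexpected / total
    return (share <= tolerance, share, profile)


if __name__ == "__main__":
    for name, log in (("consistent", CONSISTENT_LOG), ("mixed", MIXED_LOG)):
        ok, share, profile = check_geography(parse_git_log(log), "+08:00")
        print(f"{name}: consistent={ok} off-offset share={share:.2f} profile={profile}")
```

Author dates are self-reported by the committing machine, so this is a consistency signal rather than proof of location; a low-velocity repository like the one assessed here (8 commits) also gives the profile very little to work with, which is why the factor is read alongside the identity evidence rather than on its own.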
RD-F-120 green Video-off/voice-consistency flag Jeremy Ng is an active public speaker confirmed at Milken Institute Global Conference and Conviction 2026 events (referenced in LinkedIn activity). He is a published author on Forkast News. OpenEden's institutional regulatory context (Moody's TBILL rating, Bermuda DABA license, investor relations) implies consistent in-person representation. No evidence of systematic video-off behaviour or voice/timezone inconsistency found. Evidence is indirect (conference attendance referenced, not direct video-interview URL) but consistent across institutional context.
RD-F-121 green Contributor OSINT depth score Jeremy Ng scores 5/5: full employment history from 1999 (Goldman Sachs through OpenEden); CFA charterholder; 5K LinkedIn followers; IQ.wiki + RootData + FinanceMagnates public records; conference presence (Milken, Conviction 2026). Duke Du scores 3/5: LinkedIn with employment history (Bybit, Qihoo 360, Comba Telecom); GitHub (294 followers, public tutorials); Singapore PEP. Average for current active leadership (Jeremy 5, Duke 3) = 4.0, meeting the green threshold of ≥4.
RD-F-122 green Contributor paid to DPRK-cluster wallet No evidence of protocol payments to any contributor wallet with on-chain path ≤3 hops to DPRK-labeled cluster. OpenEden operates through a Singapore corporate entity (River Labs Pte Ltd) with regulatory compliance obligations (Bermuda DABA license, Elliptic screening). No public CTI report (Chainalysis, TRM, OFAC) associates any identified OpenEden team member wallet with DPRK proximity. Private CTI was not queried; confidence is low but consistent with RWA peer cohort (all green here).
RD-F-124 green Deployer wallet mixer-funded within 30 days Deployer EOA 0x7C699ABc0118e5d0fac0a7f317da79275364C50 (TBILL vault v2 creator, Oct 2023) shows no Tornado Cash, Railgun, or mixer transactions in OSINT review. No public CTI label (Chainalysis/Arkham/Nansen) associating this address with mixer withdrawal identified. OpenEden's regulatory posture (Bermuda DABA license, Elliptic compliance partner for investor AML, Coinbase Prime on-ramp) is directly incompatible with mixer-sourced deployer funds. Gap: exact first-inbound transaction to deployer EOA was not confirmed (Etherscan direct fetch limitation). Evidence is absence-of-positive-mixer-label combined with institutional regulatory context. Consistent with RWA peer cohort (circle-usyc/spiko/superstate/midas all green on this factor). Curator should manually confirm no mixer interaction in first-inbound tx at https://etherscan.io/address/0x7C699ABc0118e5d0fac0a7f317da79275364C50.
RD-F-125 green Deployer linked within 3 hops to DPRK/Lazarus No OFAC SDN listing found for any identified OpenEden address, team member name, or entity (OpenEden Group, River Labs Pte Ltd, OpenEden Digital). No Chainalysis public report, TRM Labs advisory, or OFAC Ethereum SDN list associating deployer EOA or operator address with DPRK/Lazarus cluster. Oct-2024 co-founder termination (Eugene Ng) was for personal-conduct allegations (drink-spiking) with no nation-state characterization in any source. Fully doxxed TradFi leadership team; Binance Labs investor (Sep 2024); Ripple $10M XRPL anchor (Aug 2024). Consistent with RWA peer cohort (all green). Private CTI (Chainalysis Reactor/TRM) not queried; confidence is medium but consistent with institutional profile.
Fork / dependency lineage Green 17 10 of 10
RD-F-135 yellow Shared-library version with known-vuln status OZ 4.9.0 is in use (cache confirmed). GHSA-699g-q6qh-q4v8 (Dec 2023, Moderate: duplicated subcall execution) explicitly affects version 4.9.4 — not 4.9.0. GHSA-9vx6 (Feb 2024, Low: Base64 dirty memory) affects certain versions but is Low severity. OZ 5.x has been released; the 4.9.x minor track receives no new security patches. The 4.9.0 version carries no active Critical/High CVE but is on an unsupported minor track relative to current 5.x releases. Yellow for library age / inactive patch track.
RD-F-126 n/a Is-a-fork-of OpenEden is an original RWA issuer. The openeden.vault.audit GitHub repo has no upstream fork indicator. Hacken Nov-2024 identifies OpenEdenVaultV4Impl.sol as a custom implementation. The protocol adapts EIP-4626 standard but is not a fork of any DeFi protocol.
RD-F-127 n/a Upstream patch not merged No upstream fork — factor requires an identified upstream protocol with patch history. Not applicable for original implementations.
RD-F-128 n/a Upstream vulnerability disclosure (last 90d) No upstream fork — factor requires an identified upstream protocol with vulnerability disclosures. Not applicable for original implementations.
RD-F-129 n/a Code divergence from upstream (%) No upstream fork — code divergence from upstream is not measurable for original implementations.
RD-F-130 n/a Fork depth (generations from original audit) No upstream fork — fork depth is zero by definition for original implementations. Not applicable.
RD-F-131 n/a Fork retains upstream audit coverage No upstream fork — upstream audit coverage retention is not applicable for original implementations. OpenEden has its own direct audit history (Hacken x2, Halborn x1).
RD-F-132 n/a Fork has different economic parameters than upstream No upstream fork — economic parameter divergence from upstream is not applicable for original implementations.
RD-F-133 gray Dependency manifest uses unpinned versions Cache records oz_contracts_version: 4.9.0 from package.json inspection. The npm version range string (whether pinned as 4.9.0 or unpinned as ^4.9.0 or ^4.x.x) is not confirmable from the GitHub repo preview available. Gray pending direct package.json content inspection to confirm pinning vs unpinned range.
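RD-F-135 and RD-F-133 are two sides of one supply-chain question: which version is actually in use, and could the manifest's version spec ever resolve to a different one? The block below is an added example, not OpenEden's code, showing how a curator would settle RD-F-133's pinned-vs-unpinned question from package.json content and then ask, per advisory, whether the spec can reach an affected release. The package.json excerpt and the advisory table are constructed; the only advisory fact taken from the page is that GHSA-699g-q6qh-q4v8 affects @openzeppelin/contracts 4.9.4 and not 4.9.0.

```python
"""Dependency-manifest check for RD-F-133 / RD-F-135: is each npm dependency
pinned, and could its version spec ever resolve to a known-vulnerable release?

Added example, not OpenEden's code. The package.json excerpt and the advisory
table are constructed; the only advisory detail taken from the assessment is
that GHSA-699g-q6qh-q4v8 affects @openzeppelin/contracts 4.9.4, not 4.9.0.
"""
import json
import re
from typing import Dict, List, Set, Tuple

Version = Tuple[int, int, int]

# Constructed manifest excerpt standing in for a real package.json.
PACKAGE_JSON = json.dumps({
    "dependencies": {
        "@openzeppelin/contracts": "4.9.0",               # exact pin
        "@openzeppelin/contracts-upgradeable": "^4.9.0",  # caret: floats to 4.x.y
        "ethers": "~5.7.2",                               # tilde: floats to 5.7.y
        "hardhat": "*",                                   # unbounded
    }
})

# Constructed advisory table: package -> [(advisory id, set of affected versions)].
ADVISORIES: Dict[str, List[Tuple[str, Set[Version]]]] = {
    "@openzeppelin/contracts": [("GHSA-699g-q6qh-q4v8", {(4, 9, 4)})],
}


def parse_version(text: str) -> Version:
    """Parse an exact x.y.z (optionally v-prefixed); reject ranges."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not an exact version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def classify_spec(spec: str) -> str:
    """Classify an npm version spec as pinned, caret, tilde or unbounded."""
    s = spec.strip()
    if s in ("", "*", "latest") or "x" in s.lower() or any(c in s for c in "<>|"):
        return "unbounded"
    if s.startswith("^"):
        return "caret"
    if s.startswith("~"):
        return "tilde"
    parse_version(s)  # raises if this is not an exact x.y.z
    return "pinned"


def spec_allows(spec: str, candidate: Version) -> bool:
    """Could npm resolve `spec` to `candidate`? Implements ^ and ~ semantics."""
    kind = classify_spec(spec)
    if kind == "unbounded":
        return True
    base = parse_version(spec.strip().lstrip("^~"))
    if kind == "pinned":
        return candidate == base
    if candidate < base:
        return False
    if kind == "tilde" or base[0] == 0:
        # ~x.y.z (and ^0.y.z) lock major and minor
        return candidate[:2] == base[:2]
    # ^x.y.z with x > 0 locks the major only
    return candidate[0] == base[0]


def audit_manifest(manifest_text: str) -> Dict[str, dict]:
    """Per dependency: pinning kind and the advisories its spec could pull in."""
    deps = json.loads(manifest_text).get("dependencies", {})
    report: Dict[str, dict] = {}
    for name, spec in deps.items():
        reachable = [
            adv for adv, versions in ADVISORIES.get(name, [])
            if any(spec_allows(spec, v) for v in versions)
        ]
        report[name] = {"spec": spec, "kind": classify_spec(spec),
                        "reachable_advisories": reachable}
    return report


if __name__ == "__main__":
    for name, info in audit_manifest(PACKAGE_JSON).items():
        print(f"{name:40} {info['kind']:9} {info['spec']:8} {info['reachable_advisories']}")
```

Under these constructed inputs the exact pin `4.9.0` reaches no advisory, whereas a caret or tilde spec on the same base would be able to resolve to 4.9.4; that is the practical difference between the two states RD-F-133 is trying to distinguish. A lockfile, where one is committed, records what was actually installed and should be checked alongside the manifest.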
RD-F-134 green Dependency had malicious-release incident (last 90d) No flagged malicious release in the trailing 90 days affecting OZ 4.9.0 or the OpenEden npm dependency set (hardhat, ethers, OZ upgradeable). OZ security advisories reviewed; no malicious release affecting 4.9.0 in the 90-day window preceding 2026-05-16. Major npm security advisory databases checked; no alert.
Post-deploy hygiene & change mgmt Yellow 28 13 of 13
RD-F-136 red Deployed bytecode matches signed release tag GitHub repo has 8 commits on main branch with no signed (GPG) release tags. Most recent commit 47a77ab (Sep 8, 2025) is unsigned. Deployed V5 implementation (0xc4545Bf80f) was upgraded 2025-08-14. No signed release tags found in the openeden.vault.audit repo. Deployed bytecode cannot be matched to a signed release tag.
RD-F-139 red Post-audit code changes without re-audit Hacken V4 audit finalized 2024-12-10 (final commit 1299050d). Post-audit GitHub commits (6 total, Jul 11 – Sep 8, 2025) include: (1) instant redemption logic; (2) BUIDL redemption interface; (3) removal of setTotalSupplyCap(), mintTo(), burnFrom(), reIssue(); (4) renamed state variables; (5) checkLiquidity() addition; (6) Sep 8 major restructure (78 additions, 119 deletions). These changes deployed to mainnet as V5 (0xc4545Bf80f, 2025-08-14). Halborn Jul-Aug 2025 audit covered only StabilityVault.sol (USDO TGE) — NOT the vault V5 upgrade. No subsequent audit of vault V5 code found. Material post-audit code changes deployed without re-audit. [★ CRITICAL]
RD-F-142 yellow Storage-layout collision risk across upgrades V4 to V5 upgrade (2025-08-14) renamed state variables (reserve1, reserve2 to buidlTreasury, etc.) without publicly published OZ upgrades-plugin validation. Renaming without reordering is generally safe in proxy storage, but no formal storage layout check output was published. Risk not confirmed but not cleared.
RD-F-143 yellow Reinitializable implementation (no _disableInitializers) TBILL V5 implementation (0xc4545Bf80f) DOES call _disableInitializers() in constructor — protected. USDO implementation (0x87e3Ba929c71c0e28fc1c817d107a888a59c523e) does NOT call _disableInitializers() — an attacker who gains access to the bare implementation can call initialize(name, symbol, owner) and grant themselves DEFAULT_ADMIN_ROLE. USDO is live with active TVL on Ethereum and Base. Rolled yellow: TBILL protected (majority of TVL), USDO not protected. [★ — yellow not red because TBILL impl is correct; USDO impl gap is a real but secondary risk]
RD-F-145 yellow Deployed bytecode reproducibility Etherscan shows 'Exact Match' verification for V5 implementation (Solidity v0.8.9, 200 runs optimization). This confirms the source compiled deterministically. However, no formal build reproduction guide is published. Partial evidence of reproducibility from Exact Match verification.
RD-F-168 yellow Stale-approval exposure on deprecated router V1 vault (0xad6250f0) is deprecated per docs. Users who approved the V1 vault retain stale approvals. Migration announcement (Nov 2023) did not describe on-chain revocation of user approvals to V1. No active allowance scan performed. Yellow: stale approvals likely exist but risk is mitigated by V1 having no active TVL.
RD-F-185 gray Bridge rate-limiter / chain-pause as positive mitigant OpenEden uses Chainlink CCIP (CCT standard) for USDO Ethereum-to-Base transfers. CCIP provides infrastructure-level rate limiting at the Chainlink layer. No protocol-level on-chain outflow rate-limiter for the OpenEden contracts themselves was found. XRPL TBILL has XRPL validator-controlled emergency pause capability but outside OpenEden's direct control. No dedicated OpenEden chain-pause mechanism documented for EVM contracts. F185 measures protocol-level controls — graded gray as neither a protocol-layer rate-limiter nor a protocol-controlled chain pause is identified.
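RD-F-142 turns on the distinction between renaming a state variable in place (benign: same slot, same type) and anything that moves, inserts or retypes a slot that an already-deployed proxy is storing data in. The block below is an added example, not OpenEden's code and not the OpenZeppelin upgrades plugin: it diffs the `storage` array that `solc --storage-layout` emits for the old and new implementations and classifies each difference. The three layouts are constructed; the variable names loosely follow the rename the page describes, but slots and types are invented.

```python
"""Storage-layout diff for RD-F-142: does an upgraded implementation keep every
existing state variable at the same slot, offset and type?

Added example, not OpenEden's code and not the OpenZeppelin upgrades plugin.
It consumes the `storage` array that `solc --storage-layout` emits; the three
layouts below are constructed (variable names loosely follow the V4/V5 rename
the assessment describes, but slots and types are invented).
"""
from typing import Dict, List, Tuple

Key = Tuple[int, int]  # (slot, byte offset within slot)


def _var(label: str, slot: int, type_: str, offset: int = 0) -> dict:
    return {"label": label, "slot": str(slot), "offset": offset, "type": type_}


# Constructed pre-upgrade layout.
OLD_LAYOUT = {"storage": [
    _var("_initialized", 0, "t_uint8"),
    _var("_initializing", 0, "t_bool", offset=1),
    _var("totalAssets_", 1, "t_uint256"),
    _var("reserve1", 2, "t_address"),
    _var("reserve2", 3, "t_uint256"),
]}

# Constructed safe upgrade: renames in place, new variable appended at the end.
RENAMED_LAYOUT = {"storage": [
    _var("_initialized", 0, "t_uint8"),
    _var("_initializing", 0, "t_bool", offset=1),
    _var("totalAssets_", 1, "t_uint256"),
    _var("buidlTreasury", 2, "t_address"),
    _var("pendingRedeem", 3, "t_uint256"),
    _var("instantRedemptionFee", 4, "t_uint256"),
]}

# Constructed unsafe upgrade: a variable inserted mid-layout shifts everything after it.
SHIFTED_LAYOUT = {"storage": [
    _var("_initialized", 0, "t_uint8"),
    _var("_initializing", 0, "t_bool", offset=1),
    _var("totalAssets_", 1, "t_uint256"),
    _var("instantRedemptionFee", 2, "t_uint256"),
    _var("reserve1", 3, "t_address"),
    _var("reserve2", 4, "t_uint256"),
]}


def _key(entry: dict) -> Key:
    return (int(entry["slot"]), int(entry["offset"]))


def diff_storage_layout(old: dict, new: dict) -> Dict[str, object]:
    """Classify every difference; `safe` is True only for renames and appends."""
    old_idx = {_key(e): e for e in old["storage"]}
    new_idx = {_key(e): e for e in new["storage"]}
    old_by_label = {e["label"]: e for e in old["storage"]}
    new_by_label = {e["label"]: e for e in new["storage"]}
    max_old_slot = max((k[0] for k in old_idx), default=-1)

    renamed: List[Tuple[str, str]] = []
    type_changed: List[Tuple[str, str, str]] = []
    moved: List[Tuple[str, int, int]] = []
    removed: List[str] = []
    inserted: List[str] = []
    appended: List[str] = []
    claimed_new_labels = set()

    for key, oe in old_idx.items():
        same_label = new_by_label.get(oe["label"])
        same_slot = new_idx.get(key)
        if same_label is not None and _key(same_label) != key:
            # Variable still exists but now lives at a different slot: a layout shift.
            moved.append((oe["label"], key[0], _key(same_label)[0]))
        elif same_slot is None:
            removed.append(oe["label"])
        elif oe["type"] != same_slot["type"]:
            # Contract-typed identifiers (t_contract(Name)NNN) can differ between
            # compilations even at equal width; review those by hand.
            type_changed.append((oe["label"], oe["type"], same_slot["type"]))
        elif oe["label"] != same_slot["label"]:
            # Same slot, same type, new name: the benign rename case.
            renamed.append((oe["label"], same_slot["label"]))
            claimed_new_labels.add(same_slot["label"])

    for ne in new["storage"]:
        if ne["label"] in old_by_label or ne["label"] in claimed_new_labels:
            continue
        (appended if _key(ne)[0] > max_old_slot else inserted).append(ne["label"])

    return {
        "renamed": renamed, "type_changed": type_changed, "moved": moved,
        "removed": removed, "inserted": inserted, "appended": appended,
        "safe": not (type_changed or moved or removed or inserted),
    }


if __name__ == "__main__":
    print("rename-only upgrade:", diff_storage_layout(OLD_LAYOUT, RENAMED_LAYOUT))
    print("mid-layout insert:  ", diff_storage_layout(OLD_LAYOUT, SHIFTED_LAYOUT))
```

Publishing the output of a check like this (or the upgrades plugin's equivalent) alongside each upgrade is what would move RD-F-142 from "not confirmed but not cleared" to cleared; the compiler's own storage layout for both implementations is all the evidence needed.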
RD-F-137 green Upgrade frequency (per 90 days) In the 90-day trailing window before 2026-05-16, zero vault upgrades occurred. Last upgrade was 2025-08-14 (~274 days before assessment date). Upgrade frequency = 0 in 90 days.
RD-F-138 green Hot-patch deploys without timelock (last 30 days) No upgrades in last 30 days. Last upgrade was 2025-08-14 (~274 days before assessment). Zero hot-patches in trailing 30 days.
RD-F-140 green Fix-merged-but-not-deployed gap No evidence of a merged security fix waiting in the repo without deployment. The Sep 8 commit (47a77ab) updates the deployed V5 code in the repo; repo and deployed bytecode appear aligned. No open security-labeled PRs found in public repo.
RD-F-141 green Test-mode parameters in deploy V5 implementation constructor calls _disableInitializers() — no test-mode initialization left open. Treasury addresses, fee managers, and KYC managers are production values. Operator oracle (0xFa2E954c) is the production operator actively updating NAV prices. No test-mode constants detected.
RD-F-144 green CREATE2 factory permits same-address redeploy No CREATE2 factory pattern detected in the public contracts. Standard ERC-1967 UUPS proxy deployment pattern. No selfdestruct in factory logic detected.
RD-F-146 green New contract deploys in last 30 days No new contract deploys in trailing 30 days (before 2026-05-16) identified from public sources. Latest vault upgrade was 2025-08-14 (not a new contract deploy). USDO Base and Chainlink CCIP integration were announced March 2025 (>30 days prior).
Cross-chain & bridge Gray 0 12 of 12
RD-F-147 n/a Protocol has bridge surface Profile §7 sets has_bridge_surface=false and is_a_bridge=false. XRPL TBILL (~31% TVS) is natively issued on the XRP Ledger (not bridged from Ethereum). USDO Ethereum-to-Base uses Chainlink CCIP CCT standard — a Chainlink-managed burn-and-mint protocol, not a custom ecrecover/Merkle-root bridge. Neither constitutes a bridge surface under the rubric definition. All Cat 10 factors are not_applicable.
RD-F-148 n/a Bridge validator count (M) No custom bridge; Cat 10 N/A per has_bridge_surface=false.
RD-F-149 n/a Bridge validator threshold (k-of-M) No custom bridge; Cat 10 N/A per has_bridge_surface=false.
RD-F-150 n/a Bridge validator co-hosting No custom bridge; Cat 10 N/A per has_bridge_surface=false.
RD-F-151 n/a Bridge ecrecover checks result ≠ address(0) [★ CRITICAL — not_applicable] No ecrecover bridge code. OpenEden USDO uses Chainlink CCIP CCT standard (Chainlink-managed burn-and-mint); no custom ecrecover signature verification in scope. XRPL TBILL is native XRPL issuance, not an ecrecover bridge. F151 (Wormhole-class ecrecover zero-address) is structurally inapplicable.
RD-F-152 n/a Bridge binds message to srcChainId No custom bridge; Cat 10 N/A per has_bridge_surface=false.
RD-F-153 n/a Bridge tracks nonce-consumed mapping No custom bridge; Cat 10 N/A per has_bridge_surface=false.
RD-F-154 n/a Default bytes32(0) acceptable as valid root [★ CRITICAL — not_applicable] No Merkle-root bridge. OpenEden USDO uses Chainlink CCIP CCT (Chainlink-managed, not a Merkle-root system). XRPL TBILL is native XRPL issuance. F154 (Nomad bytes32(0) root bug class) is structurally inapplicable.
RD-F-155 n/a Bridge validator-set rotation recency No custom bridge; Cat 10 N/A per has_bridge_surface=false.
RD-F-156 n/a Bridge uses same key custody for >30% validators No custom bridge; Cat 10 N/A per has_bridge_surface=false.
RD-F-157 n/a Bridge TVL per validator ratio No custom bridge; Cat 10 N/A per has_bridge_surface=false.
RD-F-179 n/a LayerZero OFT DVN config (count, threshold, diversity) Protocol does not use LayerZero OFT. USDO cross-chain uses Chainlink CCIP CCT standard, not LayerZero. XRPL TBILL is native XRPL issuance. F179 (LayerZero OFT DVN config) is not applicable.
Threat intelligence & recon Green 0 8 of 8
RD-F-159 gray Attacker wallet pre-strike probe (low-gas failing txs) Mempool probe — attacker wallet sending low-gas failing txs. T-09 v2 deferred. No mempool probe pattern observed through public sources. Requires real-time mempool + threat-actor cluster feed. No attacker wallet identified for OpenEden in any public source.
RD-F-163 gray Avg attacker reconnaissance time for peer-class protocols Attacker wallet reconnaissance time before strike (class baseline). OpenEden has 0 protocol security exploits in the hack database — no protocol-specific reconnaissance measurement is possible. Class-level baseline (USPD-style 78-day reconnaissance) is a curator-maintained metric derived from the hack DB for peer-class protocols. Requires curator input for class-level baseline assignment.
RD-F-164 gray Leaked credential on paste/sentry site Leaked credential on paste/sentry site matching protocol infra. No public paste-site or credential-dump reference to OpenEden infrastructure endpoints, API keys, or admin credentials found through general web search 2026-05-16. Requires specialized paste/SIEM feed (e.g., Have I Been Pwned partner data, GreyNoise, IntelligenceX) not available in public scope.
RD-F-165 gray Protocol social channel has scam-coordinator flag Telegram/Discord channel member flagged as scam-coordinator. Applicable: OpenEden has Telegram and community Discord presence. No scam-coordinator flag found in public sources for OpenEden channels 2026-05-16. Requires curator social watchlist and manual verification of community channel admins.
RD-F-158 green Known-threat-actor cluster has touched protocol Known-threat-actor wallet cluster touch (T-09 phase 2, tier-C advisory). Applicable for EVM portion; XRPL not EVM-monitorable. No DPRK/Lazarus/OFAC cluster proximity found through any public source: OFAC SDN list search, Chainalysis public reports, Elliptic public blogs, TRM Labs public resources, Hacken research articles — all yielded zero results linking OpenEden wallet addresses to known threat-actor clusters as of 2026-05-16. Operator EOA funding chain (0xdBC3C410 funded by 0x572ed8c1Aa, funded by 0xF4928C95) shows no mixer or threat-actor labels at visible hops. Public-proxy observation is clean. Definitive 3-hop proximity requires paid TI feed (Chainalysis/TRM private cluster query) — noted as residual uncertainty.
RD-F-160 green GitHub malicious-dependency incident touching protocol deps GitHub-flagged malicious-dependency incident. Applicable: openeden.vault.audit uses OZ 4.9.0 (npm/Hardhat). No GitHub advisory identifying a malicious or tampered OpenZeppelin release was found as of 2026-05-16, and no malicious dependency release touching the tree was found in the last 90 days through GitHub advisories or web search. This factor covers supply-chain compromise of a package release, not published vulnerability advisories against the 4.9.x line itself; that separate check is the code-security analyst's responsibility under RD-F-135. OZ 4.9.0 is widely deployed; a compromised release would be widely reported.
RD-F-161 green Protocol-impersonator domain registered (typosquat) Protocol-impersonator domain registered (typosquat). Assessed first per briefing. openeden.com: creation date 2013-02-13, registrar GoDaddy, last updated 2026-02-28, expires 2029-02-13. The registration predates the 2023 protocol launch by ~10 years; the WHOIS creation date alone does not show whether the company registered it then or later acquired an existing registration, but either way the legitimate domain is long-held rather than recent. 90-day window (2026-02-15 to 2026-05-16): no lookalike domain registration event found through web search (searched 'open-eden', '0peneden', 'openeeden', brand impersonation). No DeFi scam trackers, the DFPI crypto scam tracker, or phishing-alert databases list an OpenEden typosquat as of 2026-05-16. OpenEden's institutional KYC-gated positioning reduces opportunistic typosquatting risk relative to anonymous DeFi protocols but does not eliminate it; three hand-picked permutations is a narrow search next to the full omission/transposition/homoglyph/TLD candidate set a monitor would resolve. Public-search scope only; pipeline DNS monitoring would provide continuous coverage.
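The candidate set behind a lookalike-domain search, as an added example that is not part of the defirisk pipeline or OpenEden's tooling. It generates the permutations a registration monitor would resolve on every run (omission, transposition, repetition, hyphen insertion, homoglyph substitution and TLD swaps) and intersects them with an observed-registration feed; the three strings this report searched by hand all fall out of the generator. The homoglyph table and TLD list are choices made for the example, and the observed feed is constructed, not real registration data.

```python
"""Lookalike-domain candidate generation for brand monitoring.

Given the legitimate domain, emit the permutations a registration monitor would resolve
on every run. The generator is deliberately exhaustive rather than clever: the cost is
one DNS lookup per candidate, and a registered candidate is a trigger for manual
review, not a verdict on its own.
"""

# Substitutions an attacker relies on looking alike in a browser bar; extend as needed.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "m": "rn", "w": "vv"}
ALT_TLDS = ("com", "net", "org", "io", "xyz", "app", "finance")


def lookalikes(domain: str) -> set:
    """Candidate impersonator domains derived from `domain` (the original is excluded)."""
    label, _, tld = domain.lower().partition(".")
    labels = set()
    n = len(label)
    for i in range(n):
        labels.add(label[:i] + label[i + 1:])                  # omission:      opeeden
        labels.add(label[:i] + label[i] * 2 + label[i + 1:])   # repetition:    openeeden
        if i + 1 < n and label[i] != label[i + 1]:
            labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition
        if i > 0:
            labels.add(label[:i] + "-" + label[i:])            # hyphenation:   open-eden
        sub = HOMOGLYPHS.get(label[i])
        if sub:
            labels.add(label[:i] + sub + label[i + 1:])        # homoglyph:     0peneden
    labels.discard(label)
    candidates = {f"{lb}.{tld}" for lb in labels}
    candidates |= {f"{label}.{t}" for t in ALT_TLDS if t != tld}  # same label, other TLD
    return candidates


def flag_registered(candidates: set, observed: set) -> set:
    """Candidates present in a registration feed (in production: a newly-registered-domains
    feed or the subset of candidates that resolve in DNS)."""
    return candidates & {d.lower() for d in observed}


# Constructed feed of recently registered domains; not real registration data.
OBSERVED_FEED = {"0peneden.com", "example-unrelated.org", "openeden.finance"}

if __name__ == "__main__":
    cands = lookalikes("openeden.com")
    print(len(cands), "candidates")
    print(sorted(flag_registered(cands, OBSERVED_FEED)))
```

A same-label hit on another TLD (openeden.finance in the constructed feed) may be the issuer's own defensive registration; that is exactly why hits go to review rather than straight to a finding.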
RD-F-162 green Known-exploit-template selector deployed by any address Known-exploit-template selector-pattern deployed. No known exploit template for OpenEden-class KYC-gated ERC-4626 RWA vaults found through public sources. The combination of KYC whitelist gating and issuer-push NAV oracle creates a different attack surface than typical DeFi vaults. No matching selector-pattern deployment observed through public web search. Low-confidence assessment — formal on-chain sweep tool required for definitive answer.
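Three checks in this report reduce to reading runtime bytecode correctly: comparing a rebuilt artifact with the deployed one modulo the metadata hash (RD-F-145), confirming that no SELFDESTRUCT is present (RD-F-144), and extracting the selectors a contract dispatches so they can be matched against a known-exploit-template list (RD-F-162). The following Python is an added example, not OpenEden's or defirisk's tooling. It strips the CBOR metadata trailer solc appends, then disassembles while consuming PUSH immediates, which is what a byte-level grep gets wrong: an 0xff inside push data is not a SELFDESTRUCT, and a 0x63 byte inside the metadata hash would otherwise read as a PUSH4 and yield a bogus selector. The two bytecode samples are hand-assembled for the example, the watchlist is illustrative, and the only real identifier in it is the ERC-20 transfer selector, used to show a match.

```python
"""Runtime-bytecode checks: metadata stripping, opcode scan, selector extraction.

Linear disassembly is exact for the solc dispatcher and the code behind it, but can
misread bytes that sit after an unconditional exit (embedded initcode for CREATE, jump
tables). Treat hits as leads to confirm in a full disassembler, and treat an absence of
hits as strong only when the code has no such data regions.
"""

PUSH1, PUSH4, PUSH32 = 0x60, 0x63, 0x7F
SELFDESTRUCT, DELEGATECALL = 0xFF, 0xF4


def strip_metadata(code: bytes) -> bytes:
    """Remove the CBOR metadata trailer solc appends to runtime bytecode.

    The trailer's length is encoded big-endian in the final two bytes, and the trailer
    itself starts with a CBOR map header (major type 5). Bytecode without a plausible
    trailer is returned unchanged.
    """
    if len(code) < 3:
        return code
    n = int.from_bytes(code[-2:], "big")
    start = len(code) - 2 - n
    if start < 0 or (code[start] >> 5) != 5:
        return code
    return code[:start]


def disassemble(code: bytes):
    """Yield (offset, opcode, immediate); PUSH1..PUSH32 immediates are consumed, not decoded."""
    i = 0
    while i < len(code):
        op = code[i]
        if PUSH1 <= op <= PUSH32:
            width = op - PUSH1 + 1
            yield i, op, code[i + 1 : i + 1 + width]
            i += 1 + width
        else:
            yield i, op, b""
            i += 1


def dangerous_opcodes(code: bytes) -> dict:
    """Offsets of SELFDESTRUCT and DELEGATECALL in the code region (metadata excluded)."""
    found = {"SELFDESTRUCT": [], "DELEGATECALL": []}
    for off, op, _ in disassemble(strip_metadata(code)):
        if op == SELFDESTRUCT:
            found["SELFDESTRUCT"].append(off)
        elif op == DELEGATECALL:
            found["DELEGATECALL"].append(off)
    return found


def selectors(code: bytes) -> set:
    """4-byte PUSH immediates; in a standard solc dispatcher these are the handled selectors."""
    return {"0x" + imm.hex() for _, op, imm in disassemble(strip_metadata(code)) if op == PUSH4}


def watchlist_hits(code: bytes, watchlist: dict) -> dict:
    """Selectors of `code` that appear in a selector -> label watchlist."""
    present = selectors(code)
    return {sel: label for sel, label in watchlist.items() if sel in present}


def same_code_modulo_metadata(deployed: bytes, rebuilt: bytes) -> bool:
    """Reproducibility check: equal once each side's metadata trailer is removed."""
    return strip_metadata(deployed) == strip_metadata(rebuilt)


# Hand-assembled sample (not a real contract):
#   PUSH1 0xff ; PUSH4 0xa9059cbb ; EQ ; STOP
# followed by a constructed metadata trailer {"ipfs": <34-byte multihash>} whose hash
# bytes start with 0x63 on purpose, so an unstripped scan would see a PUSH4 there.
SAMPLE_BODY = bytes([PUSH1, 0xFF, PUSH4, 0xA9, 0x05, 0x9C, 0xBB, 0x14, 0x00])
_FAKE_HASH = bytes([0x63, 0xDE, 0xAD, 0xBE, 0xEF]) + bytes(27)
_TRAILER = b"\xa1" + b"\x64ipfs" + b"\x58\x22" + b"\x12\x20" + _FAKE_HASH
SAFE_CODE = SAMPLE_BODY + _TRAILER + len(_TRAILER).to_bytes(2, "big")

# Same body rebuilt with a different metadata hash (a changed source path or comment).
REBUILT_CODE = SAMPLE_BODY + _TRAILER.replace(_FAKE_HASH, bytes(32)) + len(_TRAILER).to_bytes(2, "big")

# CALLER ; SELFDESTRUCT  (the cleanup path a metamorphic factory's payload carries)
UNSAFE_CODE = bytes([0x33, SELFDESTRUCT])

# Illustrative watchlist; only the transfer selector is a real value.
WATCHLIST = {"0xa9059cbb": "transfer(address,uint256)", "0xdeadbeef": "constructed-template-marker"}

if __name__ == "__main__":
    print("naive byte grep sees 0xff:", SELFDESTRUCT in SAFE_CODE)
    print("disassembler:", dangerous_opcodes(SAFE_CODE), dangerous_opcodes(UNSAFE_CODE))
    print("selectors:", sorted(selectors(SAFE_CODE)))
    print("hits:", watchlist_hits(SAFE_CODE, WATCHLIST))
    print("reproducible modulo metadata:", same_code_modulo_metadata(SAFE_CODE, REBUILT_CODE))
```

For a proxy such as the TBILL vault, run the selector and opcode checks against the implementation's code (eth_getCode on the address in the ERC-1967 implementation slot), not the proxy, whose only selectors are its own admin functions.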
Tooling / compiler / AI Green 17 5 of 5
RD-F-170 yellow Solc version used (known-bug versions flagged) TBILL V5Impl and V4Impl use pragma solidity =0.8.9 (pinned). Deployed bytecode compiled with v0.8.9+commit.e5eed63a (Etherscan exact match). USDO implementation uses v0.8.18+commit.87f61d96. KycManager (deprecated) uses v0.8.20. Hardhat config specifies 6 compiler versions: 0.8.9, 0.8.17, 0.8.16, 0.7.6, 0.6.6, 0.4.24. Optimizer enabled, 200 runs, no viaIR. 0.8.9 is not on Solidity's known-critical-bug list, but it was released in September 2021 and has received no fixes since; against the grader's reference point of 0.8.26 it is 17 patch releases behind, not 5. Legacy versions 0.7.6, 0.6.6, 0.4.24 in the config are likely for library compatibility. Yellow for a legacy primary compiler version (no flagged critical bug, but unmaintained for about 4.5 years at the assessment date).
RD-F-174 yellow Dependency tree uses EOL Solidity version Solidity 0.8.9 (primary vault contracts) was released in September 2021, about 4.5 years before the assessment date. It is not formally declared EOL (the Solidity team publishes no EOL list), but under the 0.8.x rolling release model fixes land only in the latest release, so 0.8.9 receives no security patches. Hardhat config also includes 0.7.6, 0.6.6, 0.4.24, genuinely legacy versions, likely for library compatibility interfaces. No critical compiler bugs documented for 0.8.9 in the Solidity bug list; lower-severity entries whose introduced/fixed range spans 0.8.9 should still be checked against the pinned version and the optimizer/viaIR settings actually used. Yellow for unmaintained version age without critical known bug.
RD-F-171 n/a Bytecode similarity to audited upstream with behavior deviation This factor detects AI-generated copies of audited upstream protocols with behavior deviation. OpenEden is an original implementation — no upstream protocol to compare bytecode against. Factor is structurally inapplicable for original implementations.
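The version arithmetic behind RD-F-170 and RD-F-174, as an added example rather than defirisk's grader. It parses the Etherscan compiler string and the pragma, distinguishes a pinned pragma from a range, and filters a bug list in the shape of Solidity's published docs/bugs.json (entries with introduced/fixed versions and optional conditions such as viaIR) down to the entries that apply to the pinned version under the build settings actually used. The bug entries are constructed stand-ins with made-up names, not real advisories; only the list format, the two compiler strings and the optimizer/viaIR settings from this report are real.

```python
"""Does a pinned solc version fall inside any bug-list entry's affected range?

Solidity's bug list records each bug with the version that introduced it and the
version that fixed it; an entry applies to version v when introduced <= v < fixed.
Some entries carry `conditions` (e.g. viaIR, optimizer, ABIEncoderV2) and only apply
when the build used those settings, which is why the settings are passed in.
"""
import re

_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(s: str) -> tuple:
    """'v0.8.9+commit.e5eed63a', '0.8.9', '=0.8.9' -> (0, 8, 9)."""
    m = _VER.search(s)
    if not m:
        raise ValueError(f"no x.y.z version in {s!r}")
    return tuple(int(x) for x in m.groups())


def pragma_is_pinned(pragma: str) -> bool:
    """True only for an exact pin ('=0.8.9' or bare '0.8.9'); ranges (^, >=, ~, ||) are False."""
    spec = pragma.strip().removeprefix("pragma").strip().removeprefix("solidity").strip().rstrip(";").strip()
    return re.fullmatch(r"=?\d+\.\d+\.\d+", spec) is not None


def applicable_bugs(version: str, bugs: list, settings: dict) -> list:
    """Names of bugs whose [introduced, fixed) range contains `version` and whose conditions hold."""
    v = parse_version(version)
    hits = []
    for bug in bugs:
        introduced = parse_version(bug["introduced"]) if bug.get("introduced") else (0, 0, 0)
        fixed = parse_version(bug["fixed"]) if bug.get("fixed") else (10**6, 0, 0)  # unfixed: open-ended
        if not (introduced <= v < fixed):
            continue
        conditions = bug.get("conditions", {})
        if any(settings.get(flag, False) != wanted for flag, wanted in conditions.items()):
            continue  # bug only triggers under a setting this build did not use
        hits.append(bug["name"])
    return hits


# Constructed entries in the bug-list shape; names are placeholders, not real advisories.
SAMPLE_BUGS = [
    {"name": "ConstructedCleanupBug", "introduced": "0.5.8", "fixed": "0.8.16", "severity": "low"},
    {"name": "ConstructedImmutableBug", "introduced": "0.6.5", "fixed": "0.8.9", "severity": "medium"},
    {"name": "ConstructedIrOnlyBug", "introduced": "0.6.7", "fixed": "0.8.21", "severity": "medium",
     "conditions": {"viaIR": True}},
    {"name": "ConstructedUnfixedBug", "introduced": "0.8.25", "severity": "low"},
]

# Build settings recorded in this report for the TBILL vault: optimizer on, no viaIR.
TBILL_SETTINGS = {"optimizer": True, "viaIR": False}

if __name__ == "__main__":
    for compiler in ("v0.8.9+commit.e5eed63a", "v0.8.18+commit.87f61d96"):
        print(compiler, "->", applicable_bugs(compiler, SAMPLE_BUGS, TBILL_SETTINGS))
    print(pragma_is_pinned("pragma solidity =0.8.9;"), pragma_is_pinned("pragma solidity ^0.8.9;"))
```

The exclusive upper bound matters: a bug fixed in 0.8.9 does not affect 0.8.9, which is the case for the constructed second entry; and a condition-gated entry is excluded for this build because the report records no viaIR, so the same list yields a different answer for a viaIR build.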
RD-F-172 green Repo shows AI-tool co-authorship in critical files GitHub repo has 8 total commits. Commit messages reviewed: 'update OpenEdenVaultV4Impl.sol with correct code', 'add V4Impl.sol for better tracking', 'Renamed V4Impl to V5Impl', 'ready for audit', 'redeem additional 1e6 usdc to avoid rounding errors', plus initial commit and mock file additions. No Co-authored-by: GitHub Copilot or Co-authored-by: ChatGPT markers detected in the commit history.
RD-F-173 green Team self-disclosure of AI-generated Solidity No public disclosure found from OpenEden team (blog posts, X/Twitter, official docs, announcements) mentioning AI-generated Solidity in security-critical code paths. OpenEden news section and docs reviewed; no AI-Solidity disclosure.
Response & disclosure hygiene Red 50 4 of 4
RD-F-175 red Disclosure channel exists No public security disclosure channel found after comprehensive search. (1) docs.openeden.com — no security section on root, trust-and-transparency, or FAQ pages. (2) openeden.com/security — 404. (3) SECURITY.md absent from GitHub repo OpenEdenHQ/openeden.vault.audit (cache security_md_present:false; GitHub security advisories confirm 'There aren't any published security advisories'). (4) Immunefi: 404 on direct slug; not in /explore listing of 223+ programs. (5) Sherlock, Cantina, HackenProof: no program found. (6) No security@ email or dedicated SIRT contact published. Only general Telegram/X community contact exists. The list above does not record a lookup of an RFC 9116 security.txt at /.well-known/security.txt, the one machine-discoverable location a scanner would consult; the finding rests on the six locations checked. This is the primary Cat 13 exposure, analogous to circle-usyc and spiko.
RD-F-176 red Disclosure SLA public No acknowledgment-time SLA published. There is no disclosure channel (F175 red), and consequently no SLA framework exists. Confirmed: no mention of a 72h or any other acknowledgment window in any OpenEden public documentation including docs.openeden.com, trust-and-transparency page, and main website. Per methodology: red = no SLA published.
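The disclosure-channel search under RD-F-175 is a manual walk of web pages; the one machine-discoverable location, an RFC 9116 security.txt at /.well-known/security.txt, is also the one a scanner can validate without judgement. The following Python is an added example of that validation, not defirisk's grader. It parses the field/value format and applies the RFC's mandatory rules (at least one Contact, each a mailto:, https: or tel: URI; exactly one Expires, a timezone-qualified ISO 8601 timestamp that lies in the future and, per the RFC's recommendation, not more than a year out; at most one Preferred-Languages). The two files it checks are constructed samples using example.com; fetching the real file over HTTPS is left to the caller.

```python
"""RFC 9116 security.txt parser and validator."""
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

CONTACT_SCHEMES = ("mailto", "https", "tel")


def parse_security_txt(text: str) -> dict:
    """Field name (lower-cased) -> list of values in file order; comments and blank lines skipped.

    Lines without a 'Name: value' shape are collected under the pseudo-field '_malformed'
    so the validator can report them instead of silently dropping them.
    """
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        name = name.strip()
        if not sep or not name or " " in name:
            fields.setdefault("_malformed", []).append(line)
            continue
        fields.setdefault(name.lower(), []).append(value.strip())
    return fields


def validate_security_txt(text: str, now: datetime) -> list:
    """Return a list of problems; an empty list means the file satisfies the mandatory rules."""
    if now.tzinfo is None:
        raise ValueError("`now` must be timezone-aware")
    f = parse_security_txt(text)
    problems = []

    for line in f.get("_malformed", []):
        problems.append(f"malformed line: {line}")

    contacts = f.get("contact", [])
    if not contacts:
        problems.append("missing Contact (at least one required)")
    for c in contacts:
        if urlsplit(c).scheme not in CONTACT_SCHEMES:
            problems.append(f"Contact is not a mailto/https/tel URI: {c}")

    expires = f.get("expires", [])
    if len(expires) != 1:
        problems.append(f"Expires must appear exactly once (found {len(expires)})")
    else:
        try:
            when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
            if when.tzinfo is None:
                problems.append("Expires lacks a timezone offset")
            elif when <= now:
                problems.append(f"file expired at {expires[0]}")
            elif when > now + timedelta(days=365):
                problems.append("Expires is more than a year out (RFC 9116 recommends < 1 year)")
        except ValueError:
            problems.append(f"Expires is not ISO 8601: {expires[0]}")

    if len(f.get("preferred-languages", [])) > 1:
        problems.append("Preferred-Languages must appear at most once")
    return problems


# Constructed samples (example.com, not any real issuer's file).
GOOD_FILE = """\
# constructed sample
Contact: mailto:security@example.com
Contact: https://example.com/security
Expires: 2026-12-31T23:59:00+00:00
Policy: https://example.com/security-policy
Preferred-Languages: en
"""

BAD_FILE = """\
Contact: security@example.com
Acknowledgments https://example.com/hall-of-fame
"""

ASSESSMENT_DATE = datetime(2026, 5, 16, tzinfo=timezone.utc)
LATER_DATE = datetime(2027, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("good:", validate_security_txt(GOOD_FILE, ASSESSMENT_DATE))
    print("bad:", validate_security_txt(BAD_FILE, ASSESSMENT_DATE))
```

A bare e-mail address as Contact fails (the RFC requires a URI, so mailto: is mandatory), and a file past its Expires is treated as absent for disclosure purposes, which is why the check takes the assessment date rather than reading the clock.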
RD-F-177 green Prior known-ignored disclosure No evidence of a prior ignored disclosure. Zero protocol security exploits exist (F077 green); no post-mortems acknowledge a received-but-not-actioned report. Hacksdatabase, rekt.news, SlowMist, and De.Fi searches return no OpenEden exploit entries. Score green per methodology ('green = no evidence of ignored disclosure').
RD-F-178 green CVE/GHSA advisory issued against protocol No CVE or GHSA advisory issued against OpenEden. GitHub Security Advisories for OpenEdenHQ/openeden.vault.audit explicitly states: 'There aren't any published security advisories.' No CVE found via NVD search for 'openeden'. The Hacken Nov-2024 audit finding 'Possible Invalid Convert Rate from Lack of Oracle Validation (Medium — Fixed)' was remediated within the audit engagement and was not elevated to a post-deployment CVE/GHSA. Score green.
rubric_version v1.7.0 graded_at 2026-05-16 10:11:48 factors 184 protocol openeden