★ Audit scope mismatch

OpenEden's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Hacken Nov-2024 audited OpenEdenVaultV4Impl.sol at commit 1299050d098a626fffa2a652545ee40abb9f1d7a (finalized 2024-12-10). The currently deployed implementation on the TBILL proxy is 0xc4545Bf80f935894cbe138d86b506923dab7c048, identified by Etherscan as OpenEdenVaultV5 — deployed 2025-08-14. V5 adds instant redemption (redeemIns), setRedemption(), supply cap controls, and direct mint/burn/reissue operations — material new attack surface not covered by the V4 audit. Halborn Jul-Aug 2025 covers only StabilityVault.sol (USDO TGE). No audit covers the currently deployed V5 TBILL vault implementation. Scored yellow (not red) per briefing spiko/midas refinement for RWA issuers: V5 is an upgrade of audited V4 by the same team; correct initializer/disableInitializers patterns in place.

Sources #

Audit
Hacken Security Audit — OpenEden Vault Nov-2024Hacken Nov-2024 audit (OpenEdenVaultV4Impl.sol, commit 1299050d)retrieved 2026-05-16
Audit
Halborn Security Assessment — OpenEden Stability Vault Aug-2025Halborn Jul-Aug 2025 audit — scope StabilityVault.sol only, commit 8142989retrieved 2026-05-16
Etherscan
OpenEdenVaultV5 implementation — Etherscan verified sourceTBILL Vault V5 implementation 0xc4545Bf — deployed Aug 2025, OpenEdenVaultV5, source verified exact matchretrieved 2026-05-16

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol openeden factor RD-F-001 score yellow collected_at 2026-05-16 10:11:45