Code complexity vs audit coverage

OpenEden's assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

GitHub repo has 8 total commits. Hacken Nov-2024 covered V4Impl only. V5Impl adds substantial new surface (instant redemption, mintTo/burnFrom/reIssue, setRedemption, supply cap) with no audit days covering this code. Halborn StabilityVault audit was 3 days / 1 FTE on a single separate contract. The ratio of new unaudited code complexity to audit coverage is adverse for V5. Borderline yellow: V4 was covered, V5 is genuinely new unaudited surface.

Sources #

Audit
Halborn Security Assessment — OpenEden Stability VaultHalborn Aug-2025 — 3 days / 1 FTE, StabilityVault onlyretrieved 2026-05-16
GitHub
OpenEden Vault Audit Repo — Commit HistoryGitHub repo — 8 total commits, V5Impl new functionality per commit logretrieved 2026-05-16

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol openeden factor RD-F-024 score yellow collected_at 2026-05-16 10:11:45