★ Post-audit code changes without re-audit

PancakeSwap's assessment for RD-F-139 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Infinity/V4 launched April 28 2025 with 3 external auditors (Hexens, OtterSec, Zellic for both core and periphery — confirmed via GitHub). CertiK's involvement was a hooks security blog post, not a full engagement audit. Tokenomics 3.0 contract changes (May 2025) — veCAKE sunset, new staking — unconfirmed for re-audit coverage. Post-Tokenomics-3.0 CAKE supply cap changes (Jan 2026) are governance-level. Multi-firm Infinity audits are a meaningful mitigant. Yellow, not red.

Sources #

GitHub
Infinity Periphery Audits — GitHubinfinity-periphery/audits — Hexens.pdf, OtterSec.pdf, Zellic.pdfretrieved 2026-04-28
URL
CertiK — PancakeSwap Infinity Hooks SecurityCertiK Infinity hooks — blog post review, not full audit engagementretrieved 2026-04-28
GitHub
Infinity Core Audits — GitHubinfinity-core/docs/audits — Hexens.pdf, OtterSec.pdf, Zellic.pdfretrieved 2026-04-28

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pancakeswap factor RD-F-139 score yellow collected_at 2026-04-28 19:10:57