★ Audit scope mismatch
Polymarket's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
CTF Exchange V2 audited March 2026 (Cantina + Quantstamp); post-audit commits exist through April 13, 2026 before April 28, 2026 deployment. No signed release tag links audit commit SHA to deployed bytecode. Post-audit commits appear non-logic-critical (docs only); Solidity bumped 0.8.33 to 0.8.34 during audit window. CTF Exchange V1 had post-audit ERC-1271 logic addition (October 2025) after ChainSecurity 2022 audit — V1 now sunset.
Sources
- Audit: CTF Exchange V2 Cantina audit March 2026. CTF Exchange V2 - Cantina - March 2026 (PDF in repo audits/). Retrieved 2026-04-29.
- CTF Exchange V2 Quantstamp audit March 2026. CTF Exchange V2 - Quantstamp - March 2026 (PDF in repo audits/). Retrieved 2026-04-29.
- Polymarket CTF Exchange V2 commit history. ctf-exchange-v2 latest commit ccc0596 (April 13, 2026) — docs only change. Retrieved 2026-04-29.
- CTFExchange V2 Polygonscan deployment. CTFExchange V2 deploy tx 0xd313453c... (2026-03-31), deployer Polymarket: Deployer 1. Retrieved 2026-04-29.
Methodology
Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.
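One way to run this check offline, as an added example (not the curator's or Polymarket's tooling): compare the runtime bytecode fetched from the implementation address against a build of the audit commit, ignoring the CBOR metadata trailer that solc appends and masking immutable slots. The byte strings, offsets and function names are constructed for illustration and are not real Polymarket bytecode.

```python
import hashlib

def split_metadata(runtime: bytes):
    """Split runtime bytecode into (code, cbor_metadata) using solc's 2-byte length trailer."""
    if len(runtime) < 3:
        return runtime, b""
    n = int.from_bytes(runtime[-2:], "big")
    meta = runtime[-2 - n:-2] if 0 < n <= len(runtime) - 2 else b""
    # A CBOR map starts with a byte in 0xa0..0xbf; otherwise assume no metadata.
    if not meta or not 0xA0 <= meta[0] <= 0xBF:
        return runtime, b""
    return runtime[:-2 - n], meta

def solc_version(meta: bytes):
    """Return 'x.y.z' from a release build's 'solc' entry (simple scan, not a full CBOR decode)."""
    key = b"\x64solc\x43"  # text(4) "solc" followed by a 3-byte string
    i = meta.find(key)
    ver = meta[i + len(key): i + len(key) + 3] if i >= 0 else b""
    return ".".join(map(str, ver)) if len(ver) == 3 else None

def compare(deployed: bytes, built: bytes, immutables=()):
    """Compare deployed vs. audit-commit runtime code; immutables = [(offset, length), ...] to mask."""
    def masked(code):
        buf = bytearray(code)
        for off, ln in immutables:
            if off + ln > len(buf):
                raise ValueError("immutable range outside code")
            buf[off:off + ln] = bytes(ln)
        return hashlib.sha256(buf).hexdigest()
    (d_code, d_meta), (b_code, b_meta) = split_metadata(deployed), split_metadata(built)
    return {"code_match": masked(d_code) == masked(b_code),
            "metadata_match": d_meta == b_meta,
            "deployed_solc": solc_version(d_meta), "built_solc": solc_version(b_meta)}

# --- constructed sample data (not real Polymarket bytecode) ---
def _trailer(tag: bytes, ver: tuple) -> bytes:
    body = b"\xa2\x64ipfs\x58\x22\x12\x20" + hashlib.sha256(tag).digest() + b"\x64solc\x43" + bytes(ver)
    return body + len(body).to_bytes(2, "big")

PROLOGUE, EPILOGUE = bytes.fromhex("6080604052"), bytes.fromhex("5b600080fd")
BUILT = PROLOGUE + bytes(32) + EPILOGUE + _trailer(b"audit-commit", (0, 8, 33))
DEPLOYED = PROLOGUE + b"\x11" * 32 + EPILOGUE + _trailer(b"deploy-commit", (0, 8, 34))
PATCHED = PROLOGUE + b"\x11" * 32 + bytes.fromhex("5b600180fd") + _trailer(b"deploy-commit", (0, 8, 34))

if __name__ == "__main__":
    print(compare(DEPLOYED, BUILT, immutables=[(5, 32)]))
    print(compare(PATCHED, BUILT, immutables=[(5, 32)]))
```

A `code_match` with a `metadata_match` of false means the executable code is identical but the source files, settings or compiler recorded in the metadata differ from the audited build, which is the case a docs-only commit or compiler bump would produce.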