Code complexity vs audit coverage

Polymarket's assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V2 is a modular mixin architecture (~12 mixin files). Two audit firms (Cantina + Quantstamp) both reviewed V2 in March 2026. Audit duration not determinable from PDF (binary). The parallel two-firm audit approach mitigates single-firm coverage gaps. Marking yellow due to inability to verify LOC/audit-day ratio.

Sources #

GitHub
CTF Exchange V2 mixin directoryctf-exchange-v2/src/exchange/mixins — 12 mixin files; Solidity 99%+retrieved 2026-04-29

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-024 score yellow collected_at 2026-04-29 16:25:39