★ Post-audit code changes without re-audit

QuickSwap's assessment for RD-F-139 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Code4rena Sep 26-Oct 1 2022 audit found 1 HIGH + 12 MEDIUM in V3/Algebra periphery. V3 launched Oct 7 2022 (6 days after audit end). H-01 (malicious liquidity provision to reset cooldown) was confirmed by sponsors with recommendation only — no confirmed pre-launch fix. 12 MEDIUM findings acknowledged but remediation status at deploy time is not publicly verifiable. A senior developer resigned in Oct 2022 citing the team's refusal to conduct a comprehensive front-end security audit. New Base chain deployment (Aug 2025) lacks a confirmed dedicated security review. QuickSwap-voting aggregator contracts deployed with no identified audit.

Sources #

Audit
Code4rena QuickSwap Audit Sep 2022Code4rena QuickSwap+StellaSwap audit Sep 2022: 1 HIGH (H-01) + 12 MEDIUM findings; V3 launched Oct 7 2022 — 6 days post-auditretrieved 2026-05-16
URL
QuickSwap V3 Audit Controversy — Developer ResignationCrypto.news: senior developer quit Oct 2022 over team refusal to conduct front-end security auditretrieved 2026-05-16

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol quickswap factor RD-F-139 score red collected_at 2026-05-16 08:48:31