Code complexity vs audit coverage

Sanctum's assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Three Tier-1/2 firms audited Infinity V1 (Feb 2024) — 7 sub-programs per .verified-build.json. Audit depth appears adequate for V1. However, inf-1.5 (348 commits, V2 March 2026) represents a substantial rework with no identified audit, making the current code-to-audit coverage ratio poor. The Unstake audit (Sec3 July 2023) appears proportionate for its scope.

Sources #

GitHub
S repository verified-build.jsonigneous-labs/S .verified-build.json tracks 7 sub-programsretrieved 2026-05-04
GitHub
igneous-labs/inf-1.5 repositoryinf-1.5 348 commits no audit folderretrieved 2026-05-04

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sanctum factor RD-F-024 score yellow collected_at 2026-05-04 18:49:23