★ Audit scope mismatch

Save (formerly Solend)'s assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The confirmed public audit is Kudelski Security v1.0 (signed 2021-09-28, audit period July–Aug 2021). The program has been upgraded via BPFLoaderUpgradeable since launch in Aug 2021 — confirmed upgrades include the Dec 2021 Neodyme rounding-error patch. No reproducible-build verification found via verify.osec.io. No post-2021 full-scope audit PDF confirmed publicly. The Kudelski commit does not match current deployed bytecode (~57 months of drift). Yellow rather than red: the architectural baseline is unchanged, the Dec 2021 security patch was applied promptly, but no audit of post-2021 deployed state is verifiable.

Sources #

Audit
Solend Audit v1.0 — Kudelski SecurityKudelski Security Solend v1.0 audit PDFretrieved 2026-05-17
Docs
Audit | Save (formerly Solend)Save protocol audit documentationretrieved 2026-05-17
URL
Bug in Solana Token Lending Contract Fixed, More Than $2 Billion Made ExploitableNeodyme SPL rounding-error disclosure — Solend fixed Dec 2 2021retrieved 2026-05-17

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-001 score yellow collected_at 2026-05-17 15:20:15