Auditor re-engaged after last exploit

Save (formerly Solend)'s assessment for RD-F-083 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

After Aug 2021: Neodyme published a detailed post-mortem / security analysis (Dec 2021) — constitutes an external security firm incident review. After Nov 2022 oracle incident: no confirmed external re-audit found in public sources. The oracle manipulation was a configuration/parametric issue (single-source thin-liquidity feed in isolated pools), not a code logic bug, but absence of documented re-audit engagement post-Nov-2022 is a gap. Scoring yellow (external security review for one incident; no confirmed re-audit for most recent).

Sources #

URL
2022 Solana Hacks Explained: SolendAckee Blockchain — Nov 2022 analysis (third-party post-incident technical analysis; not an auditor re-engagement)retrieved 2026-05-17
URL
Neodyme blog — Solana upgrade authority context (Dec 2021)Neodyme post-mortem / security analysis (Dec 2021) — post-Aug-2021 incident reviewretrieved 2026-05-17

Methodology #

Determine whether a reputable auditor performed a re-audit or incident review after the most recent exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-083 score yellow collected_at 2026-05-17 15:20:15