★ Audit scope mismatch
Spiko's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Three substrate-specific audits exist: Trail of Bits (EVM, Oct-2023), Nethermind NM0333 (Cairo/Starknet, Dec-2024), Halborn (Stellar/Soroban, Sep-2025 at commit b66c29e). Each covers its substrate at audit time. Material EVM post-audit changes deployed without re-audit: ERC2771 meta-tx (Jan-2024 commit fdd46e1), UUPS proxy upgrade to impl 0x15EA (Apr-2024 tx 0x728d46f2), Minter security requirements (Nov-2025 commit c0b1a75), MultiATM contract (Jan-2026 commits 00b549a through ce96b8b). Deployed EVM bytecode materially diverges from Oct-2023 ToB audit commit. Substrate coverage is complete but EVM temporal coverage has a gap.
Sources #
- TxSpiko USTBL proxy upgrade tx 2024-04-19USTBL Ethereum proxy upgrade transaction April 19 2024 block 19690265retrieved 2026-05-16
- Nethermind Security Audit NM0333 SpikoNethermind NM0333-FINAL_SPIKO Cairo audit filed 2024-12-16 commit 265f82bdretrieved 2026-05-16
- spiko-tech/contracts commit historyEVM commit history showing post-audit changes including ERC2771 and Minter security requirementsretrieved 2026-05-16
- Halborn Spiko Stellar Contracts Audit 2025-09Halborn Stellar contracts audit September 2025 initial commit b66c29e all findings resolvedretrieved 2026-05-16
- Trail of Bits Spiko Security Review 2023-10Trail of Bits Spiko EVM security review October 2023retrieved 2026-05-16
Methodology #
Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.
See the full factor methodology and distribution across all protocols →