Code complexity vs audit coverage
Spiko's assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
EVM codebase is compact (Token.sol, Oracle.sol, PermissionManaged.sol, Minter.sol, Redemption.sol + extensions). ToB Oct-2023 covered pre-launch codebase. Post-audit additions: ERC2771 (Jan-2024), MultiATM (Jan-2026, ~220 LOC changes). Cairo: 3 contracts, Nethermind covered. Stellar: 5 contracts, Halborn covered. Qualitatively moderate complexity; MultiATM is unaudited complexity concern but non-core.
Sources #
- GitHubspiko-tech/contracts commit historyEVM commit history showing MultiATM addition January 2026retrieved 2026-05-16
- Halborn Spiko Stellar audit scopeHalborn Stellar covered all 5 contracts including token permission manager redemptionretrieved 2026-05-16
Methodology #
Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.
See the full factor methodology and distribution across all protocols →