★ Audit scope mismatch

Stake DAO's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

vlSDT deployed 2026-04-15 (block 24885681, tx 0xf6870de4d9d208b44b9774f9ff2a19f15f987e360521228746275ab00476d5db) postdating Trust Security audit sign-off 2026-03-26. Post-audit TRST-designated remediation commits on 2026-04-01 plus additional commits through 2026-05-12 (commit 90c7b94) were deployed. Audit PDF not accessible via WebFetch; no commit SHA independently confirming audited revision vs deployed source. Etherscan shows 'Exact Match' for vlSDT source. Older modules (liquid lockers, Votemarket) have multi-year audit coverage with verified source matches. Yellow for vlSDT recency gap and unverifiable commit alignment; green for older modules.

Sources #

Audit
https://raw.githubusercontent.com/stake-dao/audits/main/vlsdt/2026_03_26_trust_security_vlsdt.pdfretrieved 2026-05-16
Tx
vlSDT Deploy TransactionvlSDT deploy tx block 24885681 timestamp 2026-04-15retrieved 2026-05-16
Etherscan
vlSDT Etherscan Source VerificationvlSDT contract 0x94818A7baa7e9F5dC62ce4da1B52ef9a760b80B8 — Exact Match verificationretrieved 2026-05-16
GitHub
vlSDT Package Commit HistoryvlSDT commit history — TRST-fixes 2026-04-01, 90c7b94 2026-05-12retrieved 2026-05-16

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stake-dao factor RD-F-001 score yellow collected_at 2026-05-16 12:29:20