defirisk.co
rubric v1.7.0

Audit scope mismatch

Superstate's assessment for RD-F-001 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Ten 0xMacro engagements cover core EVM contracts. Current deployed USTB implementation is SuperstateTokenV5_1 at 0x1f50a1EE0ec8275d0c83b7bb08896b4b47D6E8C4 (solc 0.8.28, 1M optimizer runs). Repo HEAD commit 78e8ca22 (2025-04-14) matches audit-6 final commit, suggesting alignment, but bytecode-to-commit match cannot be independently verified via eth_getCode + solc reproduction without a programmatic run. Single-firm coverage (all 0xMacro) reduces confidence. The profile listed a different impl address (0x5419d3FA...) — a post-profiling upgrade has occurred.

Sources #

  • GitHub
    superstateinc/ustb recent commitsGitHub API recent commits showing HEAD = 78e8ca22 dated 2025-04-14 matching audit-6 final commitretrieved 2026-05-16
  • Etherscan
    Etherscan USTB Transparent ProxyUSTB Proxy 0x43415eB6ff9DB7E26A15b704e7A3eDCe97d31C4e showing current impl 0x1f50a1EE0ec8275d0c83b7bb08896b4b47D6E8C4 (SuperstateTokenV5_1)retrieved 2026-05-16
  • Audit
    0xMacro Superstate Audit 60xMacro superstate-6, final commit 78e8ca22a319efd265e7d6ba2c326475cb6b6e2e, published 2025-04-15retrieved 2026-05-16

Methodology #

Check whether the commit SHA cited in the audit report matches the bytecode deployed at the production proxy/implementation address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol superstate factor RD-F-001 score yellow collected_at 2026-05-16 00:06:37