Code complexity vs audit coverage

Superstate's assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Audit-6 reviewed 5 contracts over 2 days (Apr 14-15), audit-4 reviewed 5 contracts over 4 days (Nov 12-15) and found 2H+1M. The codebase has grown to v5.1 with multiple versioned contract files. Short-duration single-firm engagements on a growing protocol represent borderline coverage. For a relatively simple ERC-20 allowlisted token (not a complex AMM or lending engine) the ratio is acceptable but not best-in-class.

Sources #

Audit
0xMacro Superstate Audit 4 (2H+1M in 4 days)0xMacro superstate-4: 4-day engagement (Nov 12-15 2024), 5 contracts, 2H+1M foundretrieved 2026-05-16
Audit
0xMacro Superstate Audit 6 (2-day duration)0xMacro superstate-6: 2-day engagement (Apr 14-15 2025), 5 contracts, 0 severity findingsretrieved 2026-05-16

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol superstate factor RD-F-024 score yellow collected_at 2026-05-16 00:06:37