★ Post-audit code changes without re-audit

Superstate's assessment for RD-F-139 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[STAR in scope] Ten 0xMacro audits covering USTB/USCC (superstate-1 through superstate-10). Audits 9 (Nov 2025) and 10 (Feb 2026) have private scope - specific contracts unknown. The July 2025 upgrade to SuperstateTokenV5_1 occurred after audit-6 (Apr 2025 - last public-scope audit of SuperstateToken.sol). Audits 9 and 10 were published after the July upgrade and plausibly cover it, but private scope prevents external verification. Continuous audit engagement is clear; full per-version coverage is unverifiable. Distinct from circle-usyc RED (zero audits) - scored yellow for partial evidence.

Sources #

Audit
0xMacro Superstate-6 Audit Apr 20250xMacro superstate-6: covers SuperstateToken.sol, published Apr 15 2025; upgrades to SuperstateTokenV5_1 on Jul 16 2025 post-date this auditretrieved 2026-05-16
Audit
0xMacro Superstate-9 Audit Nov 2025 (private scope)0xMacro superstate-9 (Nov 2025) and superstate-10 (Feb 2026): private scope, may cover Jul 2025 upgrade but unverifiable externallyretrieved 2026-05-16

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol superstate factor RD-F-139 score yellow collected_at 2026-05-16 00:06:37