Audit firm tier

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-005 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Zellic (Tier-1 per curator registry) audited RouteProcessor3 only. ABDK and Trail of Bits (both Tier-1) audited the ORIGINAL Uniswap v3 codebase from which SushiSwap forked — these are not Sushi-specific engagements. PeckShield (Tier-2) audited v2-core specifically. No Tier-1 audit of SushiSwap's core AMM contracts (v2 or v3) as a Sushi-specific engagement. Threshold: yellow = Tier-2 only for the Sushi-specific engagement.

Sources #

Audit
Zellic SushiSwap RouteProcessor3 AuditZellic RP3 audit (Tier-1 firm, Sushi-specific but RP3 only)retrieved 2026-05-17
Internal
risk-dashboard/scripts/data-pipeline/audit-firms.jsonaudit-firms.json canonical firm tier registryretrieved 2026-05-17
Audit
PeckShield-Audit-Report-SushiSwap-v1.0.pdfPeckShield v2 audit (Tier-2 firm, Sushi-specific for v2-core)retrieved 2026-05-17

Methodology #

Classify each auditing firm into: Tier-1 (Trail of Bits / OpenZeppelin / ConsenSys Diligence / Certora / Sigma Prime / Spearbit / Zellic) / Tier-2 (established, named firm with public track record) / boutique / unknown.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-005 score yellow collected_at 2026-05-16 19:50:37