★ Post-audit code changes without re-audit

Symbiotic's assessment for RD-F-139 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Core contracts are non-upgradeable. No code changes to the deployed bytecode of OperatorRegistry, NetworkRegistry, or DefaultCollateral are structurally possible. 6 audits cover the deployed codebase; full mainnet launch Jan 2025 post-audit. Any new vault implementation whitelisted by factory is a new contract requiring its own audit process, not a modification of existing audited bytecode.

Sources #

Docs
Symbiotic Mainnet Launch — Post-Audit Immutable DeploySymbiotic mainnet launch blog — launched post-5-audits + code competition; non-upgradeable coreretrieved 2026-05-16
GitHub
Symbiotic Core — 6-Firm Audit CoverageGitHub audits directory — 6 firms (Statemind, ChainSecurity, Zellic, OtterSec, Certora, Cantina) audited core before mainnetretrieved 2026-05-16

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol symbiotic factor RD-F-139 score green collected_at 2026-05-16 09:25:24