Static-analyzer high-severity count

Usual (USD0 / bUSD0 / USUAL)'s assessment for RD-F-010 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No public Slither/Mythril/Semgrep output for Usual. Private repo prevents independent static analysis. The May 2025 $43K exploit (USD0++ arbitrage at 1:1 rate) confirms at least one logic vulnerability survived the multi-firm audit program. Audit firms' internal static analysis results are not publicly available.

Sources #

GitHub
usual-dao GitHub Organization (pegasus repo private)Usual-dao GitHub org — main pegasus repo is privateretrieved 2026-05-17
URL
Usual Protocol pauses contract after USD0 exploitUSD0 exploit May 2025 — logic bug in 1:1 arbitrage pathretrieved 2026-05-17

Methodology #

Count the number of unique high-severity detector findings from Slither + Mythril + Semgrep run against the deployed verified source (after deduplication across tools).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol usual factor RD-F-010 score gray collected_at 2026-05-16 20:39:44