Code complexity vs audit coverage

Veda (BoringVault)'s assessment for RD-F-024 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

A-4 covered 45 contracts in a 5-day engagement (April 1-5, 2024). The boring-vault repo contains hundreds of Solidity files across DecoderAndSanitizer variants (one per external protocol integration), multiple accountant types, cross-chain tellers, helper contracts, and micro-managers — deployed across 22+ chains. The incremental audit series (13 documented engagements) covers new scopes piecemeal. Total code coverage relative to the deployed surface is not demonstrably complete. Yellow for ongoing complexity growth vs audit cadence.

Sources #

GitHub
Veda Labs boring-vault — codebase sizeboring-vault repo — active development, last commit 2026-05-15, 22+ chain deploymentsretrieved 2026-05-17
Audit
Seven Seas A-4 — scope and durationA-4: 45 contracts, 5 days, April 1-5 2024retrieved 2026-05-17

Methodology #

Determine whether the cyclomatic complexity or LOC-per-audit-day ratio exceeds the curator-declared credibility threshold for the audit to be meaningful.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-024 score yellow collected_at 2026-05-17 12:41:22