★ Post-audit code changes without re-audit

Veda (BoringVault)'s assessment for RD-F-139 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

13+ audit engagements (11+ 0xMacro incremental A-4 through A-45, Spearbit Arctic, Certora x2, Sigma Prime). High audit frequency is a strong positive. However: audit dates not publicly disclosed; GitHub last commit 2026-05-15 (2 days ago) has no confirmed audit coverage; incremental model may leave integration-level gaps. Yellow not red due to high audit count.

Sources #

Docs
Veda audits page — 13 engagements, no datesdocs.veda.tech/security-and-risk-controls/audits: 13 audits listed including A-4 through A-45 (0xMacro), Spearbit Arctic — no dates disclosedretrieved 2026-05-17
GitHub
GitHub last commit date — ahead of any confirmed auditVeda-Labs/boring-vault: last commit 2026-05-15 — no audit coverage for this week's changesretrieved 2026-05-17

Methodology #

Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-139 score yellow collected_at 2026-05-17 12:41:22