Auditor re-engaged after last exploit

Venus Protocol's assessment for RD-F-083 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Venus THE post-mortem (2026-03-17) references 'mid-term complete core pool re-audit planned' but provides no specific firm, timeline, or engagement confirmation. No evidence found of a formal re-audit commissioned and completed in the 44 days between the March 2026 exploit and assessment date. Hashdit flash loan audit (2025-10-16) predates the THE incident. Score: yellow (re-audit planned, not confirmed as engaged/completed for exploited code).

Sources #

Governance
THE Market Incident Post-Mortem — re-audit referenceVenus THE post-mortem references mid-term re-audit planretrieved 2026-04-28
GitHub
VenusProtocol/venus-protocol audits directoryVenus Protocol audits directory — most recent audit pre-dating THE incident is Hashdit flash loan 2025-10-16retrieved 2026-04-28

Methodology #

Determine whether a reputable auditor performed a re-audit or incident review after the most recent exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol venus factor RD-F-083 score yellow collected_at 2026-04-28 18:30:49