defirisk.co
rubric v1.7.0

Audit recency

Wormhole's assessment for RD-F-002 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Most recent EVM audit activity: Cyfrin EVM Multi-Gov v2 (2025-02); OtterSec NTT v3 (2025-04-18); Cyfrin Securitize Bridge Wormhole Executor v2.0 (2026-02-10 per Cyfrin repo). The EVM Core Bridge and Token Bridge themselves were last substantively audited by Trail of Bits 2023-04 (~36 months ago) and CertiK 2023-03-08. For these core contracts specifically, audit recency is ~36 months — outside the typical 12-month refresh norm for critical bridge infrastructure. Peripheral products (NTT, Mult...

Sources #

  • Curator note
    Extracted from 01-code-security.md — RD-F-002 finding; no URL cited in originalretrieved 2026-04-28

Methodology #

Measure the number of days between today and the sign-off date of the most recent audit report covering the currently-deployed bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol wormhole factor RD-F-002 score yellow collected_at 2026-04-28 01:38:43