defirisk.co
rubric v1.7.0

Audit-to-deploy gap

Wormhole's assessment for RD-F-006 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

NTT v3 audited by OtterSec 2025-04-18 and 2025-05-05; Cyfrin Multi-Gov v2 completed 2025-02. Deploy timings for these products are not precisely documented, but NTT was launched progressively through 2024–2025 with corresponding audit cadence. Core bridge deploy precedes audit history (launched August 2021; first substantive audit Neodyme 2022-01-10 — ~160 days post-launch for the core). The 160-day gap for the original core bridge launch is the main adverse signal; all subsequent major produ...

Sources #

  • Curator note
    Extracted from 01-code-security.md — RD-F-006 finding; no URL cited in originalretrieved 2026-04-28

Methodology #

Measure the number of days between the audit report sign-off date and the mainnet deploy of the audited bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol wormhole factor RD-F-006 score yellow collected_at 2026-04-28 01:38:43