Yes, it’s not sufficient to have good review-ability, what is more important is demand for review - which comes with wide adoption and usage. There are people looking at sudo code and finding programming errors leading to vulnerabilities. Who looks into doas code? Absence of CVEs doesn’t mean good security, might just be low attention.
This is just general consideration. But thanks for bringing it up, I was not aware of this program, and looking at this comparison
$ pacman -Si sudo | grep Install
Installationsgröße : 4557,19 KiB
$ pacman -Si opendoas | grep Install
Installationsgröße : 46,52 KiB
i think I know which privilege elevation tool I’ll be looking at next 