defirisk.co
rubric v1.7.0

Contributor tenure at admin-permissioned PR

A dev identity & insider risk factor in the v1.7.0 rubric. Measured per protocol on a e cadence.

Methodology how we score #

**What this measures** This factor measures the tenure — in days since first contribution — of the author of the most recent admin-permissioned code change. A short-tenured contributor being granted admin-level merge or deploy authority is a structural insider-risk signal, particularly when the contributor's identity is not otherwise verifiable. Measurement is programmatic via the GitHub API: the factor queries the merge timestamp of the most recent commit touching admin-role or upgrade-path code and compares it to the author's first contribution date in the repository. Category 7 context: DPRK insider-implant attacks specifically exploit short-tenured developers being granted premature admin access.

**Why it matters** The Drift Protocol incident (April 2026) exemplifies the risk: UNC4736 (DPRK-attributed) infiltrated the team by posing as an external integrator, built real-capital credibility over six months, and was ultimately granted sufficient access to influence the Security Council threshold reduction that preceded the $285M exploit. Short-tenured contributor access is not inherently malicious — legitimate security researchers are onboarded quickly — but it creates a window where the contributor's intent cannot be verified through track record. Protocols with documented insider attribution consistently show short-tenure → admin-access patterns.

**Green / Yellow / Red** Green is scored when the most recent admin-permissioned PR author has a contribution history of at least 180 days in the repository, or is a verified external audit firm contributor. Yellow applies when the author's tenure is 30–180 days with verifiable identity. Red is scored when the most recent admin-permissioned change was authored by a contributor with fewer than 30 days of repository history and no verifiable external identity.

**Common gray cases** Gray is assigned when the repository does not clearly distinguish admin-path code from general code changes, when the repo is private, or when the most recent admin change is more than 12 months old and assessing tenure at that historical point is impractical.
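The methodology, thresholds and gray cases above, and the measurement and data-source notes further down, carried out as one script. This is an example added here, not defirisk.co's own tooling: it assumes a commit log in the shape of `git log --format='%H|%al|%aI' --name-only`, a caller-supplied list of path prefixes that mark admin-role or upgrade-path code (the `ADMIN_PATH_PREFIXES` default is made up), an optional set of author ids for verified external audit-firm contributors, and the constructed `SAMPLE_LOG` below. It returns gray when history is unavailable or no admin-path change can be identified, and otherwise rates the author of the most recent admin-path commit by days since their first commit.

```python
"""Score 'contributor tenure at admin-permissioned PR' from a git log.

Editor-added example, not defirisk.co's own tooling. Assumptions:
  * a commit log in the shape of
        git log --format='%H|%al|%aI' --name-only
    (sha | author email local-part | author date, then the touched paths);
  * a tuple of path prefixes that mark admin-role / upgrade-path code
    (ADMIN_PATH_PREFIXES is a made-up default; set it per repository);
  * an optional set of author ids belonging to verified external audit
    firms, which the rubric scores green regardless of tenure.
Thresholds follow the factor's confidence signal: >=180 days green,
30-179 yellow, <30 days or no prior commits red, gray when history is
not accessible or admin-path code cannot be told apart from general code.
"""
from dataclasses import dataclass, field
from datetime import datetime

# Assumed layout of admin-role / upgrade-path code; replace per repository.
ADMIN_PATH_PREFIXES = ("contracts/admin/", "contracts/upgrade/", "script/deploy/")


@dataclass
class Commit:
    sha: str
    author: str
    when: datetime
    paths: list = field(default_factory=list)


def _is_header(parts: list) -> bool:
    """A header line is 'sha|author|iso-date' with a hex sha; paths never contain '|'."""
    return (len(parts) == 3 and len(parts[0]) >= 7
            and all(c in "0123456789abcdef" for c in parts[0]))


def parse_git_log(text: str) -> list:
    """Turn the assumed 'git log' output into Commit records (newest first, as git prints)."""
    commits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                        # git separates commits with blank lines
        parts = line.split("|")
        if _is_header(parts):
            sha, author, when = parts
            commits.append(Commit(sha, author, datetime.fromisoformat(when)))
        elif commits:
            commits[-1].paths.append(line)  # a touched path belongs to the last header
        else:
            raise ValueError(f"path line before any commit header: {line!r}")
    return commits


def touches_admin_path(commit: Commit, prefixes) -> bool:
    """True if the commit changed any file under an admin-role / upgrade-path prefix."""
    return any(p.startswith(pre) for p in commit.paths for pre in prefixes)


def score_tenure(commits, admin_prefixes=ADMIN_PATH_PREFIXES,
                 verified_audit_firms=frozenset()) -> dict:
    """Rate the author of the most recent admin-path change by days since their first commit."""
    if not commits:
        return {"rating": "gray", "reason": "commit history not accessible"}
    admin_commits = [c for c in commits if touches_admin_path(c, admin_prefixes)]
    if not admin_commits:
        return {"rating": "gray", "reason": "admin-path code not distinguishable from general changes"}
    latest = max(admin_commits, key=lambda c: c.when)
    own = [c for c in commits if c.author == latest.author]
    first = min(c.when for c in own)
    prior = sum(1 for c in own if c.when < latest.when)
    tenure_days = (latest.when - first).days
    # Evidence artifact: commit, author handle, first-commit date, days tenure.
    evidence = {"sha": latest.sha, "author": latest.author,
                "first_commit": first.date().isoformat(), "tenure_days": tenure_days}
    if latest.author in verified_audit_firms:
        return {"rating": "green", "reason": "verified external audit firm contributor", **evidence}
    if prior == 0:
        return {"rating": "red", "reason": "external author with no prior commits", **evidence}
    if tenure_days >= 180:
        rating, reason = "green", ">=180 days tenure"
    elif tenure_days >= 30:
        rating, reason = "yellow", "30-179 days tenure"
    else:
        rating, reason = "red", "<30 days tenure"
    return {"rating": rating, "reason": reason, **evidence}


# Constructed sample log (not real commits): bob joined three weeks before
# landing a change under contracts/admin/; alice has contributed since 2024.
SAMPLE_LOG = """\
a1b2c3d4e5f6|bob|2025-06-20T12:00:00+00:00

contracts/admin/Roles.sol
contracts/Token.sol
0f1e2d3c4b5a|bob|2025-06-01T09:30:00+00:00

contracts/Token.sol
9a8b7c6d5e4f|alice|2025-03-01T10:00:00+00:00

contracts/upgrade/ProxyAdmin.sol
123456789abc|alice|2024-01-10T08:00:00+00:00

contracts/Vault.sol
"""


def score_sample() -> dict:
    """Score the constructed sample: bob has 19 days of tenure at his admin-path commit."""
    return score_tenure(parse_git_log(SAMPLE_LOG))


if __name__ == "__main__":
    print(score_sample())
```

The returned dict doubles as the evidence artifact the rubric asks for (commit, author handle, first-commit date, days tenure). The "no prior commits" branch is checked before the day thresholds so that a first-ever commit that lands on admin-path code is red even though its computed tenure is zero days; on a real repository the path prefixes and the audit-firm allow-list are the two inputs an assessor has to supply by hand.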

**Notable historical examples** No historical incidents are currently linked to this factor in the hacks database.

Measurement what to look for #

Measure the tenure, in days since first contribution to the repository, of the author of the most recent admin-permissioned code change.

Data & output #

**Data source** GitHub API: PR author's first-commit date to this repo vs. PR merge date, plus `git log` for the author

**Output format** Green / Yellow / Red

**Evidence artifact** PR URL + author GitHub handle + first-commit date + days-tenure

**Confidence signal** green = PR author has ≥180 days tenure in repo; yellow = 30–179 days; red = <30 days or author is external with no prior commits; gray = repo is private or commit history not accessible

Scored protocols 80 carry this factor #

| Protocol | Chain | RD-F-116 |
|---|---|---|
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | gray |
| Aerodrome Finance | base | green |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | green |
| Balancer (v2 + v3) | ethereum | green |
| Beefy Finance | ethereum | green |
| BENQI | avalanche | green |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | green |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | green |
| Circle USYC | binance | gray |
| Compound V3 (Comet) | ethereum | green |
| Concrete | ethereum | yellow |
| Convex Finance | ethereum | green |
| crvUSD (Curve Stablecoin) | ethereum | green |
| Curve Finance | ethereum | green |
| deBridge | ethereum | gray |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | green |
| EigenLayer | ethereum | green |
| Ethena | ethereum | gray |
| ether.fi | ethereum | gray |
| Euler V2 | ethereum | green |
| Falcon Finance | ethereum | gray |
| Fluid | ethereum | green |
| Frax Finance | ethereum | gray |
| GMX v2 (GMX Synthetics) | arbitrum | yellow |
| Hyperlane | ethereum | yellow |
| Hyperliquid | arbitrum | green |
| Jito | solana | green |
| Jupiter | solana | gray |
| Jupiter Perpetual Exchange | solana | green |
| JustLend DAO | tron | yellow |
| Kamino Lend | solana | yellow |
| Kinetiq | hyperliquid | yellow |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | yellow |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | green |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | yellow |
| M^0 | ethereum | gray |
| Maple Finance | ethereum | yellow |
| Marinade Finance | solana | yellow |
| Meteora | solana | gray |
| mETH Protocol | ethereum | yellow |
| Midas | ethereum | gray |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | yellow |
| Ondo Finance | ethereum | yellow |
| OpenEden | ethereum | green |
| Orca | solana | green |
| PancakeSwap | bsc | gray |
| Pendle Finance | ethereum | green |
| Polymarket | polygon | yellow |
| QuickSwap | polygon | yellow |
| Raydium | solana | green |
| Rocket Pool | ethereum | green |
| Sanctum | solana | green |
| Save (formerly Solend) | solana | yellow |
| Sky Lending (formerly MakerDAO) | ethereum | yellow |
| Spark Protocol | ethereum | green |
| Spiko | stellar | green |
| Stake DAO | ethereum | green |
| StakeWise v3 | ethereum | green |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | not_assessed |
| SUNSwap (sun.io) | tron | green |
| Superstate | ethereum | yellow |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | gray |
| Symbiotic | ethereum | green |
| Synapse Protocol | ethereum | yellow |
| Uniswap (v2 + v3) | ethereum | green |
| USDD (Decentralized USD) | tron | gray |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | gray |
| Veda (BoringVault) | ethereum | green |
| Venus Protocol | bsc | gray |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | green |

Linked hacks no historical incidents linked #

No historical incidents are linked to this factor.

rubric_version: v1.7.0
factor: RD-F-116
category: 7
carried: 80
critical: no