defirisk.co
rubric v1.7.0

Deployed bytecode matches signed release tag

Beefy Finance's assessment for RD-F-136 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

The BeefyVaultV7 and base strategy contracts are accessible on GitHub. No formal matching of signed release tags to deployed bytecode was performed because of the volume of deployments (thousands of vault+strategy clones across ~34 chains). The data cache confirms last_commit_date=null (the pipeline could not read it). The factory deploys EIP-1167 clones from a fixed implementation; the implementation bytecode should be deterministic, but it was not verified per clone.
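One way to make the per-clone check tractable is to confirm that each clone's runtime code is exactly the standard EIP-1167 template and to group clones by the implementation address embedded in it, so only the few implementations need matching against a release build. This is an added example, not defirisk.co's pipeline or Beefy's code. It assumes runtime code was fetched beforehand (for instance with `eth_getCode`); the function names are hypothetical and every address is a constructed placeholder.

```python
# Added example: constructed data, not Beefy's deployments.
from collections import defaultdict

# EIP-1167 minimal proxy runtime code: prefix + 20-byte implementation + suffix.
PREFIX = bytes.fromhex("363d3d373d3d3d363d73")
SUFFIX = bytes.fromhex("5af43d82803e903d91602b57fd5bf3")


def clone_implementation(runtime: bytes):
    """Return the implementation address (lowercase 0x-hex) if `runtime` is
    exactly a standard EIP-1167 clone, else None."""
    if len(runtime) != len(PREFIX) + 20 + len(SUFFIX):
        return None
    if not (runtime.startswith(PREFIX) and runtime.endswith(SUFFIX)):
        return None
    return "0x" + runtime[len(PREFIX):len(PREFIX) + 20].hex()


def audit_clones(deployed: dict, expected_impls: set):
    """Group clone addresses by implementation and flag anything that is not
    a standard clone or that delegates outside `expected_impls` (lowercase)."""
    by_impl, flagged = defaultdict(list), []
    for addr, runtime in deployed.items():
        impl = clone_implementation(runtime)
        if impl is None:
            flagged.append((addr, "not a standard EIP-1167 clone"))
        elif impl not in expected_impls:
            flagged.append((addr, "unexpected implementation " + impl))
        else:
            by_impl[impl].append(addr)
    return dict(by_impl), flagged


def make_clone(impl_hex: str) -> bytes:
    """Build the runtime code a factory clone of `impl_hex` would have."""
    return PREFIX + bytes.fromhex(impl_hex[2:]) + SUFFIX


# Constructed sample: placeholder addresses standing in for eth_getCode results.
IMPL_A = "0x" + "aa" * 20
IMPL_X = "0x" + "bb" * 20
SAMPLE = {
    "0x" + "01" * 20: make_clone(IMPL_A),
    "0x" + "02" * 20: make_clone(IMPL_A),
    "0x" + "03" * 20: make_clone(IMPL_X),                 # unknown target
    "0x" + "04" * 20: make_clone(IMPL_A)[:-1] + b"\x00",  # altered suffix
}

if __name__ == "__main__":
    print(audit_clones(SAMPLE, {IMPL_A}))
```

A clone that passes this check still only proves where it delegates; the implementation's own runtime code has to be compared with a build of the tagged source separately.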

Sources

  • Internal
    Beefy data cache — GitHub last commit date unavailable
    00-data-cache.json github.last_commit_date=null
    retrieved 2026-05-16
  • GitHub
    Beefy Contracts GitHub Repository
    beefyfinance/beefy-contracts — public source, but no formal signed release tags for each vault deployment
    retrieved 2026-05-16

Methodology

Determine whether the deployed runtime bytecode corresponds to a signed git tag in the protocol's repository.


rubric_version: v1.7.0
protocol: beefy
factor: RD-F-136
score: gray
collected_at: 2026-05-16 13:10:30