Fix-merged-but-not-deployed gap

Cap (cUSD / stcUSD)'s assessment for RD-F-140 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No publicly documented security fix known to be merged but not deployed. No CVE or GHSA advisory for cap-labs-dev/cap-contracts. Zero protocol-level incidents per Cat 5 assessment.

Sources #

GitHub
cap-contracts — no security advisoriesNo GHSA security advisories found for cap-labs-dev/cap-contracts. Profile §10: zero incidents.retrieved 2026-05-17

Methodology #

Determine whether a known vulnerability has a PR merged in the repo but the fix has not been included in the deployed bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol cap factor RD-F-140 score green collected_at 2026-05-17 10:56:24