defirisk.co
rubric v1.7.0

GitHub force-push to sensitive branch

Convex Finance's assessment for RD-F-108 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Applicable. Primary repo: github.com/convex-eth/platform. Data cache: last_commit_date: 2025-10-23. No force-push or unauthorized push to main branch reported in public sources. Last commit approximately 6.5 months ago (relative to assessment date 2026-05-16) suggests a period of low active development on the core platform repo — lower surface area for unauthorized push events. No GitHub security incident reported for Convex repos. Green.

Sources #

  • Internal
    Convex Finance data cache — GitHub metadata.research/protocols/convex-finance/00-data-cache.json — github.last_commit_date: 2025-10-23retrieved 2026-05-16
  • GitHub
    Convex Finance Platform Repository — GitHubconvex-eth/platform — last commit 2025-10-23 per data cacheretrieved 2026-05-16

Methodology #

Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol convex-finance factor RD-F-108 score green collected_at 2026-05-16 02:41:28