Fix-merged-but-not-deployed gap

Kinetiq's assessment for RD-F-140 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Code4rena April 2025 findings: H-01 (buffer lock) disputed, H-02 (slashing order) disputed, H-03 (receive() auto-stake) acknowledged but not fully fixed, M-01 through M-05 mostly disputed/acknowledged. Some medium findings disputed without clear on-chain remediation evidence. No confirmed merged-but-undeployed critical fix gap found.

Sources #

URL
Code4rena Kinetiq audit findings reportCode4rena 2025-04-kinetiq report: H-01 disputed, H-02 disputed, H-03 acknowledged, M-01 confirmed but not resolvedretrieved 2026-05-17

Methodology #

Determine whether a known vulnerability has a PR merged in the repo but the fix has not been included in the deployed bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol kinetiq factor RD-F-140 score yellow collected_at 2026-05-17 15:29:57