Hot-patch deploys without timelock (last 30 days)

Lido's assessment for RD-F-138 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No evidence of timelock-bypassing hot-patches. ZKsync bridge vulnerability (March 2026) followed: pause → audit → DAO vote for fix deployment. No untimelocked deployments identified.

Sources #

URL
2028803376306336068https://x.com/LidoFinance/status/2028803376306336068retrieved 2026-04-28
URL
0xCE0425301C85c5Ea2A0873A2dEe44d78E02D2316https://etherscan.io/address/0xCE0425301C85c5Ea2A0873A2dEe44d78E02D2316retrieved 2026-04-28

Methodology #

Count upgrades executed in the last 30 days without going through the declared timelock path.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lido factor RD-F-138 score green collected_at 2026-04-28 13:58:42