defirisk.co
rubric v1.7.0

GitHub force-push to sensitive branch

Midas's assessment for RD-F-108 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

GitHub force-push to sensitive branch. Main repo RedDuck-Software/midas-contracts is private (github_private: true per data cache). GitHub webhook monitoring is not feasible without repo access grant. Signal requires GitHub API webhook access to protected branches; private repo prevents this. Production pipeline not implemented.

Sources #

  • Internal
    Data cache — private repo prevents GitHub monitoring00-data-cache.json: github_private=true; RedDuck-Software/midas-contracts returns 404 for public accessretrieved 2026-05-16

Methodology #

Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol midas factor RD-F-108 score gray collected_at 2026-05-16 09:34:55