Deployed bytecode matches signed release tag

OpenEden's assessment for RD-F-136 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

GitHub repo has 8 commits on main branch with no signed (GPG) release tags. Most recent commit 47a77ab (Sep 8, 2025) is unsigned. Deployed V5 implementation (0xc4545Bf80f) was upgraded 2025-08-14. No signed release tags found in the openeden.vault.audit repo. Deployed bytecode cannot be matched to a signed release tag.

Sources #

GitHub
GitHub vault audit repo — no signed release tagsopeneden.vault.audit repo: 8 commits, no release tags, latest commit 47a77ab (Sep 8, 2025) unsignedretrieved 2026-05-16

Methodology #

Determine whether the deployed runtime bytecode corresponds to a signed git tag in the protocol's repository.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol openeden factor RD-F-136 score red collected_at 2026-05-16 10:11:45