defirisk.co
rubric v1.7.0

Upstream patch not merged

PancakeSwap's assessment for RD-F-127 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No public Uniswap V2 security patches were issued post-2020 — Uniswap V2 is immutable (no upgrade mechanism; patches would require a new deploy). No Uniswap V3 critical vulnerability patches issued by Uniswap Labs since the V3 launch. For Infinity vs Uniswap V4: PancakeSwap explicitly lists key differences (different hook interface, BNB native support) — custom enough that upstream V4 patches would not automatically apply. No pending upstream patch identified affecting PancakeSwap's deployed code.

Sources #

  • GitHub
    Uniswap V3 Core GitHubUniswap/v3-core GitHub — no security patches since April 2023 BUSL expiryretrieved 2026-04-29

Methodology #

Determine whether the upstream fork source has published a known-vulnerability patch that has not been merged into this fork's deployed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pancakeswap factor RD-F-127 score green collected_at 2026-04-28 19:10:57