Deployed bytecode matches signed release tag

Polymarket's assessment for RD-F-136 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No signed release tags in ctf-exchange-v2 GitHub repo (GitHub API /releases returned empty []). Deployed bytecode verified on Polygonscan (exact match) but not anchored to a signed git tag commit. Source is publicly verifiable but formal signed-tag provenance absent.

Sources #

GitHub
GitHub API releases — empty array; no signed release tagsPolymarket/ctf-exchange-v2/releases-api-emptyretrieved 2026-04-29
Etherscan
CTFExchange V2 — Verified (Exact Match), solc v0.8.340xE111180000d2663C0091e4f400237545B87B996B-coderetrieved 2026-04-29

Methodology #

Determine whether the deployed runtime bytecode corresponds to a signed git tag in the protocol's repository.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-136 score yellow collected_at 2026-04-29 16:25:39