Upstream patch not merged

QuickSwap's assessment for RD-F-127 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V2: Uniswap V2 core is also immutable (no post-deploy patches); no upstream security patch to miss. QuickSwap V2 core frozen at Dec 2022 (last commit). V3/Algebra: Algebra has released Algebra Integral (newer architecture) with additional audits (MixBytes, Bailsec, Paladin). The QuickSwap Polygon V3 appears to run Algebra V1. No documented critical security patch to Algebra V1 core found that QuickSwap has failed to apply. Algebra Integral updates appear to be new-version features, not backports of V1 security fixes. Scored green with medium confidence — no confirmed critical patch missed, but the Algebra V1 vs Integral version relationship is not exhaustively documented.

Sources #

GitHub
QuickSwap Core CommitsQuickSwap-core last commit Dec 2022 — frozenretrieved 2026-05-16
GitHub
Algebra Finance Audits DirectoryAlgebra audits directory — newer Algebra Integral audits (Bailsec, MixBytes, Paladin)retrieved 2026-05-16

Methodology #

Determine whether the upstream fork source has published a known-vulnerability patch that has not been merged into this fork's deployed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol quickswap factor RD-F-127 score green collected_at 2026-05-16 08:48:31