Fix-merged-but-not-deployed gap
Raydium's assessment for RD-F-140 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
No evidence of a fix-merged-but-not-deployed gap. Both Immunefi-disclosed bugs (tick manipulation, Jan 2024; liquidity drain, Mar 2025) were patched and deployed. No open security PRs with undeployed fixes were identified in the public repos.
Sources
- Immunefi Raydium Liquidity Drain Bugfix Review — Mar 2025, immunefi.com/blog/all/raydium-liquidity-drain-bug-fix-review, retrieved 2026-04-29
- Raydium GitHub org — no open undeployed security fix PRs found, github.com/raydium-io repos, retrieved 2026-04-29
Methodology
Determine whether a known vulnerability has a PR merged in the repo but the fix has not been included in the deployed bytecode.
rubric_version: v1.7.0, protocol: raydium, factor: RD-F-140, score: green, collected_at: 2026-04-29 12:31:55