defirisk.co
rubric v1.7.0

Deployed bytecode matches signed release tag

Save (formerly Solend)'s assessment for RD-F-136 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Source published at github.com/solendprotocol/solana-program-library. Whether deployed bytecode at So1endDq2YkqhipRh3WViPa8hdiSpxWy6z3Z6tMCpAo corresponds to a signed release tag cannot be confirmed without local build + bytecode diff. Only solend-audit-v1.0.pdf in the public audit directory (no signed release tag with bytecode hash). Code-security-analyst must verify.

Sources #

  • GitHub
    Solend token-lending audit directorygithub.com/solendprotocol/solana-program-library/tree/master/token-lending/audit — only solend-audit-v1.0.pdf; no signed release tag with bytecode hash foundretrieved 2026-05-17

Methodology #

Determine whether the deployed runtime bytecode corresponds to a signed git tag in the protocol's repository.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-136 score gray collected_at 2026-05-17 15:20:15