Deployed bytecode matches signed release tag

StakeWise v3's assessment for RD-F-136 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Multiple GitHub releases exist (v5.0.0 2026-04-29; 13 total releases). Active development confirmed. Statemind April 2026 audit covered current codebase. Rigorous bytecode-vs-signed-tag diff not performed. Yellow due to inability to independently verify bytecode diff against each release tag without code-security tooling.

Sources #

Audit
Statemind StakeWise Core V3 Audit — 2026-04-20Statemind 2026-04-20: StakeWise Core V3 audit covers current codebase (contemporaneous with v5.0.0)retrieved 2026-05-16
GitHub
stakewise/v3-core — GitHub releasesstakewise/v3-core: 13 releases; v5.0.0 released 2026-04-29; last_commit_date 2026-04-29retrieved 2026-05-16

Methodology #

Determine whether the deployed runtime bytecode corresponds to a signed git tag in the protocol's repository.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stakewise factor RD-F-136 score yellow collected_at 2026-05-16 01:03:28