defirisk.co
rubric v1.7.0

Deployed bytecode matches signed release tag

Uniswap (v2 + v3)'s assessment for RD-F-136 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V2: deployed 2020-05-18; source verified on Etherscan; audited bytecode = deployed bytecode by construction (no proxy). V3: Factory and Pool contracts deployed May 2021; Etherscan 'Exact Match' verification; audited from specific pre-launch commits. Both versions match audited source.

Detail #

V2: v2-core GitHub repository is public with documented commit history; source verified on Etherscan. dapp.org audit covered v2-core from specific pre-launch code. Immutable deployment means audited code = deployed code permanently. V3: v3-core GitHub (data cache: last_commit_date=2026-04-30 — documentation only, no new deployments). Factory 0x1F98431 has 'Exact Match' Etherscan verification. Trail of Bits and ABDK both audited from specific pre-launch commits — those commits are deployed. No proxy upgrade means audited code = deployed code permanently.

Sources #

  • GitHub
    Uniswap v3-core GitHubv3-core repo: audited pre-launch commits; no deployment changesretrieved 2026-05-12
  • Etherscan
    UniswapV3Factory EtherscanUniswapV3Factory 0x1F98431: deployed 2021-05-05, Exact Match verification, no changesretrieved 2026-05-12

Methodology #

Determine whether the deployed runtime bytecode corresponds to a signed git tag in the protocol's repository.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-136 score green collected_at 2026-05-12 10:36:11