★ Post-audit code changes without re-audit
Uniswap (v2 + v3)'s assessment for RD-F-139 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
V2: not applicable (immutable). dapp.org (2020) audited bytecode = deployed bytecode by construction. V3: not applicable (immutable). Trail of Bits (Mar 2021) and ABDK (Mar-Apr 2021) audited bytecode = deployed bytecode. GovernorBravo implementation stable post-upgrade. Combined: green.
Detail
V2: the dapp.org.uk audit (2020) covered v2-core pre-launch. Since V2 contracts are immutable, the deployed bytecode cannot change — the audit covers what is deployed, permanently. V3: the Trail of Bits audit (March 2021, 10 issues, all resolved pre-launch) and the ABDK audit (March-April 2021, 159 minor issues, all resolved pre-launch) covered v3-core pre-launch. Since V3 core contracts are immutable, no post-audit code changes are possible by architecture. The GovernorBravoDelegate implementation (0x53a328F4) has been stable since the Bravo upgrade. The factor requires audited code ≠ deployed code, which is structurally impossible for immutable contracts.
Sources
- Audit: dapp.org V2 audit report. V2 audit: dapp.org.uk — pre-launch coverage of immutable v2-core. Retrieved 2026-05-12.
- Trail of Bits Uniswap V3 audit. Trail of Bits audit March 2021: pre-launch scope, immutable deployment. Retrieved 2026-04-29.
Methodology
Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.