defirisk.co
rubric v1.7.0

Fix-merged-but-not-deployed gap

Veda (BoringVault)'s assessment for RD-F-140 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No known vulnerability with merged fix but undeployed patch. No public security advisories, no Rekt DB entries, no GHSA records for BoringVault.

Sources #

  • Internal
    Data cache — no incidents or advisoriesData cache: rekt.incidents=[], static_analysis=[]retrieved 2026-05-17

Methodology #

Determine whether a known vulnerability has a PR merged in the repo but the fix has not been included in the deployed bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-140 score green collected_at 2026-05-17 12:41:22