defirisk.co
rubric v1.7.0

GitHub force-push to sensitive branch

A real-time signals factor in the v1.7.0 rubric. Measured per protocol on a real-time cadence.

Methodology: how we score

**What this measures** This real-time signal fires when the protocol's primary repository shows a force-push or push to a sensitive branch (main, master, production, or tagged release) from an account that is not on the protocol's known-contributor list, or when a force-push removes commits from the history of a production branch. The signal is generated via GitHub API webhook monitoring on the repository's push events. Category 6 context: repository history manipulation is documented in exit-scam scenarios — Uranium Finance deleted their GitHub post-exploit — and a force-push to production by an unknown actor is a supply-chain compromise signal.

**Why it matters** Uranium Finance ($57.2M, 2021) deleted their GitHub repository post-exploit — a retroactive cover-up rather than a pre-exploit signal, but indicative of the pattern. More relevantly, a supply-chain compromise scenario where an attacker gains repository access and force-pushes malicious code to the production branch would be detected by this signal before any on-chain consequence materializes. The XZ Utils supply-chain attack (not DeFi, but the canonical example) demonstrated that months of contribution activity can precede a single malicious commit to a sensitive branch. GitHub monitoring provides an automated mechanism for detecting this class of supply-chain attack.

**Green / Yellow / Red** Green is the baseline when all pushes to sensitive branches originate from known contributors with established repository history. Yellow fires when a push to a sensitive branch occurs from a contributor with shorter tenure than the 30-day threshold — flagged for curator review but not immediately red. Red fires when a force-push occurs on a production branch, or when any push to a production branch originates from an account not in the known-contributor list, particularly if combined with no associated PR review.

**Common gray cases** Gray applies when the repository is private and push events are not accessible via the monitoring API, or when the protocol does not maintain a public repository and deployments are managed through a closed DevOps pipeline.
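A small scorer for the rules in the three paragraphs above, added here as an example and not part of defirisk.co's rubric or monitoring code. It reads the standard fields of a GitHub `push` webhook payload (`ref`, `forced`, `deleted`, `before`, `after`, `sender.login`, `pusher.name`, `repository.full_name`, `head_commit.timestamp`) and applies the Green / Yellow / Red / Gray rules, emitting the evidence artifact (payload facts, branch, pusher, timestamp) alongside the colour. The known-contributor registry (login mapped to first-contribution date), the simplification that "production branch" and "sensitive branch" are the same set, and the sample payloads are assumptions constructed for this example.

```python
from __future__ import annotations

from datetime import datetime, timedelta, timezone
from typing import Optional

# Branch names the factor text treats as sensitive; release tags match by ref prefix.
SENSITIVE_BRANCHES = {"main", "master", "production"}
# Contributors with less tenure than this trigger Yellow rather than Green.
TENURE_THRESHOLD = timedelta(days=30)


def sensitive_target(ref: str) -> Optional[str]:
    """Return the branch or tag name if `ref` is a sensitive branch or a tag, else None.
    `ref` is the fully qualified ref carried by the push event (refs/heads/... or refs/tags/...)."""
    if ref.startswith("refs/tags/"):
        return ref[len("refs/tags/"):]
    if ref.startswith("refs/heads/"):
        branch = ref[len("refs/heads/"):]
        if branch in SENSITIVE_BRANCHES:
            return branch
    return None


def classify_push(event: dict, known_contributors: Optional[dict], now: datetime) -> dict:
    """Score one GitHub `push` webhook payload and return colour, reason and evidence.

    `known_contributors` is a hypothetical registry: GitHub login -> datetime of first
    accepted contribution. None models 'monitoring not configured', scored Gray.
    """
    repo = event.get("repository", {}).get("full_name", "<unknown repo>")
    actor = event.get("sender", {}).get("login") or event.get("pusher", {}).get("name", "<unknown>")
    head = event.get("head_commit") or {}  # null on deletions, so fall back to receipt time
    evidence = {
        "repository": repo,
        "ref": event.get("ref"),
        "pusher": actor,
        "before": event.get("before"),
        "after": event.get("after"),
        "timestamp": head.get("timestamp") or now.isoformat(),
    }

    if known_contributors is None:
        return {"color": "gray", "reason": "GitHub monitoring not configured for this repo", "evidence": evidence}

    target = sensitive_target(event.get("ref", ""))
    if target is None:
        return {"color": "green", "reason": "push to non-sensitive ref", "evidence": evidence}

    # A history rewrite or deletion of a sensitive ref is Red regardless of who did it.
    if event.get("forced") or event.get("deleted"):
        what = "deletion" if event.get("deleted") else "force-push"
        return {"color": "red", "reason": f"{what} on {target} by {actor}", "evidence": evidence}

    first_seen = known_contributors.get(actor)
    if first_seen is None:
        return {"color": "red", "reason": f"push to {target} by account not on known-contributor list: {actor}",
                "evidence": evidence}
    tenure = now - first_seen
    if tenure < TENURE_THRESHOLD:
        return {"color": "yellow", "reason": f"push to {target} by {actor} with {tenure.days}-day tenure; curator review",
                "evidence": evidence}
    return {"color": "green", "reason": f"push to {target} by established contributor {actor}", "evidence": evidence}


# --- constructed sample data (hypothetical logins and repo, not real protocol data) ---
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
REGISTRY = {
    "maintainer-a": NOW - timedelta(days=400),
    "newcomer-b": NOW - timedelta(days=10),
}


def sample_event(ref: str, login: str, forced: bool = False, deleted: bool = False) -> dict:
    """Build a minimal payload shaped like a GitHub push event (constructed)."""
    return {
        "ref": ref,
        "before": "a" * 40,
        "after": ("0" * 40) if deleted else ("b" * 40),
        "forced": forced,
        "deleted": deleted,
        "sender": {"login": login},
        "pusher": {"name": login},
        "repository": {"full_name": "example-protocol/contracts"},
        "head_commit": None if deleted else {"timestamp": "2025-06-01T12:00:00Z"},
    }


def run_samples() -> dict:
    """Return the colour assigned to each constructed scenario."""
    cases = {
        "established_to_main": sample_event("refs/heads/main", "maintainer-a"),
        "force_push_main": sample_event("refs/heads/main", "maintainer-a", forced=True),
        "unknown_to_production": sample_event("refs/heads/production", "stranger-c"),
        "newcomer_to_master": sample_event("refs/heads/master", "newcomer-b"),
        "unknown_to_feature": sample_event("refs/heads/feature/x", "stranger-c"),
        "delete_release_tag": sample_event("refs/tags/v1.2.0", "maintainer-a", deleted=True),
    }
    return {name: classify_push(ev, REGISTRY, NOW)["color"] for name, ev in cases.items()}


if __name__ == "__main__":
    for name, color in run_samples().items():
        print(f"{name:24s} {color}")
```

The payload's `forced` flag only says the ref moved non-fast-forward; to record which commits were dropped from the branch history, a monitor would compare the `before` and `after` SHAs through the repository's compare endpoint, and the "no associated PR review" qualifier from the Red rule needs a separate pull-request lookup, since push events do not carry review state. Both are deliberately left out of this scorer.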

**Notable historical examples** No incidents in the hacks database are currently cross-linked to this factor.

Measurement: what to look for

Detect whether the repository shows a force-push to, or any push to, a sensitive branch (main, master, production, or a tagged release) from an account that is not a known protocol contributor.

Data & output

| Field | Value |
|---|---|
| Data source | GitHub API webhook on repository events filtered for `push` to protected branches |
| Output format | Green / Yellow / Red |
| Evidence artifact | GitHub event payload + branch name + pusher identity + timestamp |
| Confidence signal | green = signal not firing; red = force-push or unauthorized push detected; gray = GitHub monitoring not configured for this repo |

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-108 |
|---|---|---|
| Aave v3 | ethereum | not_assessed |
| Across Protocol | ethereum | green |
| Aerodrome Finance | base | gray |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | green |
| Balancer (v2 + v3) | ethereum | green |
| Beefy Finance | ethereum | green |
| BENQI | avalanche | gray |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | gray |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | green |
| Circle USYC | binance | gray |
| Compound V3 (Comet) | ethereum | gray |
| Concrete | ethereum | gray |
| Convex Finance | ethereum | green |
| crvUSD (Curve Stablecoin) | ethereum | green |
| Curve Finance | ethereum | not_assessed |
| deBridge | ethereum | gray |
| Dolomite | ethereum | gray |
| dYdX v4 (dYdX Chain) | dydx | green |
| EigenLayer | ethereum | not_assessed |
| Ethena | ethereum | green |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | gray |
| Falcon Finance | ethereum | not_applicable |
| Fluid | ethereum | green |
| Frax Finance | ethereum | gray |
| GMX v2 (GMX Synthetics) | arbitrum | green |
| Hyperlane | ethereum | gray |
| Hyperliquid | arbitrum | gray |
| Jito | solana | not_assessed |
| Jupiter | solana | not_assessed |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | gray |
| Kamino Lend | solana | green |
| Kinetiq | hyperliquid | gray |
| Lido | ethereum | gray |
| Liquid Collective (LsETH) | ethereum | gray |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | green |
| Lista DAO | bsc | gray |
| Lombard Finance | ethereum | green |
| M^0 | ethereum | green |
| Maple Finance | ethereum | green |
| Marinade Finance | solana | gray |
| Meteora | solana | gray |
| mETH Protocol | ethereum | green |
| Midas | ethereum | gray |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | gray |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | gray |
| Orca | solana | green |
| PancakeSwap | bsc | not_assessed |
| Pendle Finance | ethereum | not_assessed |
| Polymarket | polygon | not_assessed |
| QuickSwap | polygon | gray |
| Raydium | solana | not_assessed |
| Rocket Pool | ethereum | gray |
| Sanctum | solana | green |
| Save (formerly Solend) | solana | gray |
| Sky Lending (formerly MakerDAO) | ethereum | gray |
| Spark Protocol | ethereum | green |
| Spiko | stellar | not_assessed |
| Stake DAO | ethereum | gray |
| StakeWise v3 | ethereum | green |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | gray |
| SUNSwap (sun.io) | tron | gray |
| Superstate | ethereum | not_assessed |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | green |
| Symbiotic | ethereum | gray |
| Synapse Protocol | ethereum | not_assessed |
| Uniswap (v2 + v3) | ethereum | green |
| USDD (Decentralized USD) | tron | not_applicable |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | gray |
| Veda (BoringVault) | ethereum | gray |
| Venus Protocol | bsc | not_assessed |
| Wormhole | ethereum | green |
| Yearn Finance | ethereum | gray |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version: v1.7.0; factor: RD-F-108; category: 6; carried: 80; critical: no