defirisk.co
rubric v1.7.0

Upgrade frequency (per 90 days)

A post-deploy hygiene & change mgmt factor in the v1.7.0 rubric. Measured per protocol on a e cadence.

Methodology how we score #

**What this measures** This factor counts the number of distinct contract upgrades executed for the protocol's core contracts in the trailing 90-day window. The count is derived from on-chain Upgraded events emitted by UUPS or transparent proxy contracts, or equivalent upgrade-execution events for other proxy patterns. High upgrade frequency is a proxy for ongoing development activity on production contracts — an elevated surface area for post-audit code changes.

**Why it matters** Upgrade frequency is an operational hygiene indicator: protocols that upgrade frequently are making ongoing changes to live production code, each of which represents a potential introduction of unreviewed vulnerability. A protocol that upgrades its core lending contracts six times in 90 days has introduced six windows during which post-audit changes may be unreviewed (assessed separately under RD-F-139). High upgrade frequency also signals that the codebase is not in a stabilized state, which correlates with lower battle-test confidence. This factor is displayed as a count rather than a pass/fail to give context to the RD-F-139 assessment.

**Green / Yellow / Red** Green is assigned when the upgrade count is 0 or 1 in the trailing 90 days, indicating a stable deployed codebase. Yellow covers 2–4 upgrades in 90 days with all changes documented via release notes or governance proposals. Red is assigned when 5 or more upgrades have been executed in the trailing 90 days, or when upgrades are occurring without publicly documented justification.

**Common gray cases** This factor is grayed when the protocol uses immutable (non-upgradeable) contracts, where an upgrade count of zero is structural rather than behavioral.

**Notable historical examples** No cross-hacked incidents currently linked in database for this factor.

Measurement what to look for #

Count the number of contract upgrades in the trailing 90 days via on-chain upgrade events.

Data & output #

Data source
`Upgraded` events (EIP-1967 proxy) + `Implementation` storage slot change monitoring via RPC
Output format
Green / Yellow / Red
Evidence artifact
List of upgrade tx hashes + timestamps + implementation address before/after
Confidence signal
green = 0–2 upgrades in 90 days (routine maintenance cadence); yellow = 3–5 upgrades; red = ≥6 upgrades in 90 days (high churn); gray = protocol has no upgradeable contracts

Scored protocols 80 carry this factor #

Protocol RD-F-137
Aave v3 ethereum green Across Protocol ethereum gray Aerodrome Finance base green Axelar Network ethereum yellow Babylon Protocol bitcoin yellow Balancer (v2 + v3) ethereum green Beefy Finance ethereum yellow BENQI avalanche not_assessed BlackRock USD Institutional Digital Liquidity Fund (BUIDL) ethereum green Cap (cUSD / stcUSD) ethereum yellow Centrifuge ethereum green Chainlink CCIP ethereum yellow Circle USYC binance green Compound V3 (Comet) ethereum yellow Concrete ethereum yellow Convex Finance ethereum green crvUSD (Curve Stablecoin) ethereum green Curve Finance ethereum yellow deBridge ethereum yellow Dolomite ethereum yellow dYdX v4 (dYdX Chain) dydx yellow EigenLayer ethereum yellow Ethena ethereum green ether.fi ethereum yellow Euler V2 ethereum green Falcon Finance ethereum green Fluid ethereum yellow Frax Finance ethereum yellow GMX v2 (GMX Synthetics) arbitrum yellow Hyperlane ethereum gray Hyperliquid arbitrum gray Jito solana yellow Jupiter solana red Jupiter Perpetual Exchange solana not_assessed JustLend DAO tron gray Kamino Lend solana yellow Kinetiq hyperliquid yellow Lido ethereum yellow Liquid Collective (LsETH) ethereum green Liquity V1 + V2 (LUSD / BOLD) ethereum green Lista DAO bsc green Lombard Finance ethereum green M^0 ethereum green Maple Finance ethereum green Marinade Finance solana green Meteora solana yellow mETH Protocol ethereum green Midas ethereum green Morpho V1 (Morpho Blue + MetaMorpho) ethereum green Multipli ethereum green Ondo Finance ethereum green OpenEden ethereum green Orca solana yellow PancakeSwap bsc yellow Pendle Finance ethereum yellow Polymarket polygon green QuickSwap polygon green Raydium solana yellow Rocket Pool ethereum green Sanctum solana yellow Save (formerly Solend) solana gray Sky Lending (formerly MakerDAO) ethereum yellow Spark Protocol ethereum yellow Spiko stellar yellow Stake DAO ethereum yellow StakeWise v3 ethereum yellow Stargate Finance ethereum gray stHYPE (Valantis Labs) hyperliquid yellow SUNSwap (sun.io) tron green Superstate ethereum yellow Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap ethereum yellow Symbiotic ethereum green Synapse Protocol ethereum yellow Uniswap (v2 + v3) ethereum green USDD (Decentralized USD) tron yellow Usual (USD0 / bUSD0 / USUAL) ethereum yellow Veda (BoringVault) ethereum yellow Venus Protocol bsc yellow Wormhole ethereum gray Yearn Finance ethereum green
1 red · 39 yellow · 31 green

Linked hacks no historical incidents linked #

No historical incidents are linked to this factor.
rubric_version v1.7.0 factor RD-F-137 category 9 carried 80 critical no