defirisk.co
rubric v1.7.0

GitHub force-push to sensitive branch

Aerodrome Finance's assessment for RD-F-108 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

6B exploit-in-progress: GitHub force-push to sensitive branch. GitHub monitoring not configured for dry-run. Aerodrome has public GitHub repos (aerodrome-finance/contracts, aerodrome-finance/slipstream). Last commit 2025-12-18 (data cache). No public reports of unauthorized pushes to main/production branches.

Sources #

  • GitHub
    Aerodrome Finance Contracts GitHubaerodrome-finance/contracts — public repo; last commit 2025-12-18 per data cache. No public reports of force-push or unauthorized access.retrieved 2026-05-04

Methodology #

Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aerodrome factor RD-F-108 score gray collected_at 2026-05-04 19:56:03