defirisk.co
rubric v1.7.0

Upstream patch not merged

Aerodrome Finance's assessment for RD-F-127 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No evidence of outstanding Velodrome v2 security patches not merged into Aerodrome (shared team makes co-maintenance plausible). Uniswap v3 core is a frozen immutable contract with no active security patches. No active upstream advisory found in web search.

Sources #

  • GitHub
    Uniswap v3 core repoUniswap v3 core — immutable/frozen contracts, no new security patchesretrieved 2026-05-04
  • GitHub
    Velodrome v2 GitHub repoVelodrome v2 contracts repo — no active security patches beyond those in Spearbit auditretrieved 2026-05-04

Methodology #

Determine whether the upstream fork source has published a known-vulnerability patch that has not been merged into this fork's deployed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aerodrome factor RD-F-127 score green collected_at 2026-05-04 19:56:03