defirisk.co
rubric v1.7.0

Deployed bytecode matches signed release tag

Axelar Network's assessment for RD-F-136 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

axelar-cgp-solidity has tagged releases (v6.4.0 as Oct 2024 latest in the primary repo). No explicit bytecode-to-release-tag verification table found. Foundry not used (data cache: foundry_toml_present=false); Hardhat used. Reproducible build verification not confirmed publicly. Some releases may match deployed bytecode but the mapping is not published.

Sources #

  • GitHub
    axelar-cgp-solidity releases — GitHubaxelar-cgp-solidity releases: v6.4.0 (Oct 17 2024), v6.3.1 (Apr 17 2024), etc.retrieved 2026-05-17
  • Internal
    Data cache — GitHub metadata00-data-cache.json: foundry_toml_present=false, hardhat_config_present=trueretrieved 2026-05-17

Methodology #

Determine whether the deployed runtime bytecode corresponds to a signed git tag in the protocol's repository.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol axelar factor RD-F-136 score yellow collected_at 2026-05-16 21:57:49