Dependency manifest uses unpinned versions
Babylon Protocol's assessment for RD-F-133 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
go.mod pins exact versions for all critical dependencies: Cosmos SDK v0.53.5, CometBFT v0.38.22, CosmWasm/wasmd v0.60.5, IBC-Go v10.5.0, btcd v0.24.2. go.sum provides cryptographic hashes for all 1,629 dependency entries. cosmos-bsn-contracts Cargo.lock pins all Rust dependencies to exact versions (cosmwasm-std 2.2.2, bitcoin 0.32.6, k256). No floating/unpinned version ranges observed.
Sources
- GitHub
Methodology
Determine whether `package.json`, `Cargo.toml`, or `foundry.toml` uses `^` or `~` version ranges for security-critical libraries (OpenZeppelin, Solady, etc.).
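A minimal sketch of that check for `package.json` and `Cargo.toml`, added here as an illustration; it is not the curator's or the project's tooling. The function names and both sample manifests are constructed for the example.

```python
import json
import re

# Constructed sample manifests, not taken from any real project.
PACKAGE_JSON = """{
  "dependencies": {"@openzeppelin/contracts": "^5.0.2", "solady": "0.0.201"},
  "devDependencies": {"hardhat": "~2.22.0"}
}"""
CARGO_TOML = """
[package]
name = "demo"
[dependencies]
cosmwasm-std = { version = "=2.2.2", features = ["std"] }
bitcoin = "^0.32"   # floating
k256 = "~0.13"
"""

FLOATING = re.compile(r"\s*[\^~]")  # explicit caret or tilde range
NPM_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")

def floating_in_package_json(text):
    """Return {name: spec} for npm dependencies declared with ^ or ~."""
    doc = json.loads(text)
    return {name: spec for section in NPM_SECTIONS
            for name, spec in doc.get(section, {}).items()
            if FLOATING.match(spec)}

def floating_in_cargo_toml(text):
    """Return {name: spec} for Cargo dependencies declared with ^ or ~.
    Line-based sketch: handles `name = "req"` and inline tables with a
    `version` key, not `[dependencies.name]` sub-tables.
    """
    hits, in_deps = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                            # e.g. [dev-dependencies]
            in_deps = header.group(1).endswith("dependencies")
            continue
        entry = re.match(r"([\w-]+)\s*=\s*(.+)$", line)
        if not (in_deps and entry):
            continue
        name, value = entry.groups()
        spec = re.match(r'"([^"]*)"', value) or re.search(r'version\s*=\s*"([^"]*)"', value)
        if spec and FLOATING.match(spec.group(1)):
            hits[name] = spec.group(1)
    return hits
```

Cargo reads a bare `"1.2.3"` requirement as a caret range, so only `"=1.2.3"` is exact in `Cargo.toml`; the sketch flags explicit `^` and `~` only, matching the methodology text.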