Hot-patch deploys without timelock (last 30 days)

Babylon Protocol's assessment for RD-F-138 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v4.2.7 (Apr 14, 2026) bumped CometBFT to v0.38.22 — minor node-level update; v4.2.5 (Feb 4, 2026) addressed CometBFT security fix (GHSA-h598-3g3g-c67c). Minor CometBFT bumps in Cosmos SDK chains are typically deployed by validators independently without requiring governance upgrade proposals (no state change). No confirmed timelock-bypass or hot-patch-without-governance-approval identified in the last 30 days. Governance upgrade proposals are on-chain with voting periods.

Sources #

GitHub
Babylon Genesis Chain Releasesv4.2.7 Apr 14, 2026 — 'Bump comet-bft to v0.38.22'; v4.2.5 Feb 4, 2026 security fixretrieved 2026-05-04

Methodology #

Count upgrades executed in the last 30 days without going through the declared timelock path.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol babylon-protocol factor RD-F-138 score green collected_at 2026-05-04 19:43:27