defirisk.co
rubric v1.7.0

Dependency had malicious-release incident (last 90d)

Balancer (v2 + v3)'s assessment for RD-F-134 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No published malicious npm/pip/crates release affecting Balancer v2 or v3 dependencies in the 90 days before 2026-05-05 found in any security advisory database or news source reviewed. No GHSA or CVE advisory flagged for OpenZeppelin 5.x or other Balancer-listed dependencies in Q1-Q2 2026.

Sources #

  • Curator note
    No malicious dependency release in 90d window foundNo security advisory for Balancer deps found in Q1-Q2 2026 reviewretrieved 2026-05-05

Methodology #

Determine whether any npm/PyPI/crates.io dependency of this protocol had a flagged malicious release in the trailing 90 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol balancer factor RD-F-134 score not_assessed collected_at 2026-05-05 12:41:36