defirisk.co
rubric v1.7.0

GitHub force-push to sensitive branch

Curve Finance's assessment for RD-F-108 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v1-deferred (P2). Requires real-time GitHub API monitoring per protocol. curvefi GitHub org last commit 2026-03-20 (tricrypto-ng per data cache). No force-push alerts or unexpected sensitive-branch pushes identified at static assessment. Not assessable without live GitHub monitoring.

Sources #

  • Internal
    Curve Finance Data Cache — GitHub00-data-cache.json github.last_commit_date: 2026-03-20 — normal commit cadenceretrieved 2026-04-28

Methodology #

Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol curve-v2 factor RD-F-108 score not_assessed collected_at 2026-04-28 19:48:40