Fix-merged-but-not-deployed gap

Falcon Finance's assessment for RD-F-140 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cannot assess fix-merged-but-not-deployed gap. No public GitHub repository means no commit history is accessible. Zellic Medium finding (sUSDf initialization) stated as addressed in the report but the fix cannot be verified.

Detail #

No public GitHub. Zellic audit report states 1 Medium finding ('StakedUSDf initialization may fail') and per standard Zellic format the finding status should be listed — but the PDF is not directly readable via WebFetch. No mechanism to verify whether the fix was merged and then separately deployed.

Sources #

Audit
Zellic Audit — Falcon Finance USDf/sUSDf (1 Medium: StakedUSDf initialization may fail)https://reports.zellic.io/publications/falcon-financeretrieved 2026-05-12

Methodology #

Determine whether a known vulnerability has a PR merged in the repo but the fix has not been included in the deployed bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol falcon-finance factor RD-F-140 score gray collected_at 2026-05-12 04:06:37