defirisk.co
rubric v1.7.0

Fix-merged-but-not-deployed gap

JustLend DAO's assessment for RD-F-140 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

CertiK audit: 6 major findings — 2 resolved, 2 mitigated, 1 acknowledged, 1 partially resolved. The acknowledged and partially resolved findings may represent fixes not fully deployed. Specific details not accessible (audit PDF 403 blocked). Cannot confirm no fix-merged-but-not-deployed gap without full audit artifact access.

Sources #

  • Audit
    JustLend CertiK Skynet — finding resolution statusCertiK Skynet: JustLend — Total 16 findings (0 Critical, 6 Major, 1 Medium, 2 Minor, 7 Informational). Status: 11 acknowledged, 3 partially resolved, 2 resolved. The 1 partially resolved and acknowledged findings may not be fully deployed.retrieved 2026-05-17

Methodology #

Determine whether a known vulnerability has a PR merged in the repo but the fix has not been included in the deployed bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol justlend factor RD-F-140 score yellow collected_at 2026-05-17 10:25:32