GitHub force-push to sensitive branch

Liquity V1 + V2 (LUSD / BOLD)'s assessment for RD-F-108 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

GitHub force-push/sensitive-branch push signal (T-09 phase-2 signal tier). Applicable: yes (GitHub org liquity/bold and liquity/dev). Current posture: no force-push alerts identified for Liquity repos. Cache shows last commit date 2026-05-16 indicating active, healthy development. The codebase passed a 5-week 800-researcher Cantina competition (March-April 2025) indicating mature branch protection practices. No anomalous push events identified.

Sources #

Internal
00-data-cache.json githubData cache github.last_commit_date: 2026-05-16; repo_url: https://github.com/liquity/boldretrieved 2026-05-16
URL
Cantina Liquity v2 audit competition portfolioCantina competition (5 weeks, 800+ researchers, March-April 2025) indicating mature security postureretrieved 2026-05-16

Methodology #

Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquity factor RD-F-108 score green collected_at 2026-05-16 10:35:50