defirisk.co
rubric v1.7.0

Fix-merged-but-not-deployed gap

Lombard Finance's assessment for RD-F-140 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No specific vulnerability with a merged fix but undeployed patch identified from public audit records or GitHub commit history. OZ V2 audit findings (6H resolved, 4M resolved) appear to have been deployed in subsequent upgrades.

Sources #

  • Audit
    https://www.openzeppelin.com/news/lombard-auditretrieved 2026-05-05
  • GitHub
    https://github.com/lombard-finance/evm-smart-contractsretrieved 2026-05-05

Methodology #

Determine whether a known vulnerability has a PR merged in the repo but the fix has not been included in the deployed bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lombard factor RD-F-140 score green collected_at 2026-05-05 12:03:08