Deployed bytecode matches signed release tag
Midas's assessment for RD-F-136 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Main repo RedDuck-Software/midas-contracts is private — no public release tags accessible to verify signed-tag-to-bytecode correspondence. Sherlock audit repos cover commits 0b1644f (Sherlock 2024-05) and 4abcc5b (Sherlock 2024-08), but the Sep-2024 mTBILL upgrade (impl 0xD4998Cc1) and Dec-2025 vault upgrade (impl 0xC8AF8477) are post-audit deployments from private commits with no matching public release tag.
Sources #
- Curator notePrivate repo — no release tag accessProfile ANOMALY 4: github_private=true on RedDuck-Software/midas-contracts; no public release tagsretrieved 2026-05-16
- Sherlock 2024-05 repo — latest public commitSherlock 2024-05 public commit 0b1644f — pre-dates Sep-2024 upgraderetrieved 2026-05-16
Methodology #
Determine whether the deployed runtime bytecode corresponds to a signed git tag in the protocol's repository.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol midas factor RD-F-136 score gray collected_at 2026-05-16 09:34:55