Deployed bytecode matches signed release tag

Orca's assessment for RD-F-136 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Orca uses GitHub release tags with semver. Bytecode-to-release-tag matching requires anchor verify comparison between the on-chain deployed program hash and the compiled artifact from the tagged commit. Not performed in this session. Pipeline-unimplemented for Solana BPF programs.

Sources #

GitHub
Orca Whirlpools GitHub repo (no FV spec directory found)https://github.com/orca-so/whirlpoolsretrieved 2026-05-16

Methodology #

Determine whether the deployed runtime bytecode corresponds to a signed git tag in the protocol's repository.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol orca factor RD-F-136 score gray collected_at 2026-05-16 02:39:16