Fix-merged-but-not-deployed gap

PancakeSwap's assessment for RD-F-140 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No known fix-merged-but-not-deployed gap identified. BCE/USDT pool exploit (March 2025) was a third-party token mechanism issue, not a PancakeSwap protocol fix. Core AMM contracts are immutable — no patch gap possible.

Sources #

URL
PancakeSwap BCE/USDT ExploitBCE/USDT exploit — third-party token flaw, not PancakeSwap protocol fix gapretrieved 2026-04-28

Methodology #

Determine whether a known vulnerability has a PR merged in the repo but the fix has not been included in the deployed bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pancakeswap factor RD-F-140 score green collected_at 2026-04-28 19:10:57