GitHub force-push to sensitive branch

Polymarket's assessment for RD-F-108 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v1-deferred. Applicable. Last commit to ctf-exchange repo: 2026-02-03 (data cache). Malicious bot campaign (Feb 2026) operated through hijacked third-party org (dev-protocol), not Polymarket's own GitHub org. No force-push to Polymarket repos documented. Not in v1 monitoring scope.

Sources #

GitHub
Polymarket/ctf-exchangePolymarket ctf-exchange GitHub — last commit 2026-02-03retrieved 2026-04-29

Methodology #

Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-108 score not_assessed collected_at 2026-04-29 16:25:39