Upstream patch not merged

Polymarket's assessment for RD-F-127 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Gnosis CTF upstream appears effectively frozen — no security patches published since ~2019-2020. No upstream security patch unmerged. Trust Security 2025 prepareCondition() disclosure is a design limitation of all CTF implementations, not a Gnosis-patched vulnerability.

Sources #

GitHub
Gnosis CTF upstream — effectively frozengnosis/conditional-tokens-contracts — 700 commits, no recent security patches foundretrieved 2026-04-29

Methodology #

Determine whether the upstream fork source has published a known-vulnerability patch that has not been merged into this fork's deployed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-127 score green collected_at 2026-04-29 16:25:39