defirisk.co
rubric v1.7.0

Fix-merged-but-not-deployed gap

Save (formerly Solend)'s assessment for RD-F-140 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No specific evidence found of a fix merged in GitHub but not deployed. November 2022 oracle attack response included temporary pool disabling and v2 development. Code-security-analyst must verify current deployed bytecode vs latest repo commit.

Sources #

  • Internal
    Save profile — incidents section.research/protocols/save/00-profile.md §10 — November 2022 oracle attack; no specific fix-merged-not-deployed evidence foundretrieved 2026-05-17

Methodology #

Determine whether a known vulnerability has a PR merged in the repo but the fix has not been included in the deployed bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-140 score gray collected_at 2026-05-17 15:20:15