defirisk.co
rubric v1.7.0

GitHub force-push to sensitive branch

Spiko's assessment for RD-F-108 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v1-deferred per T-09 §3.3. Applicable to spiko-tech/contracts (public GitHub, last commit 2026-03-03), but requires permissioned GitHub monitoring per protocol not available at v1. No anomalous push identified in available public observation.

Sources #

  • GitHub
    Spiko EVM contracts GitHub repospiko-tech/contracts last commit 2026-03-03; public repo, no obvious force-push anomalyretrieved 2026-05-16
  • Internal
    T-09 real-time signals v2/deferred tableT-09 §3.3 deferred signal table: F100 GitHub force-push requires GitHub permissioned access per protocolretrieved 2026-05-16

Methodology #

Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol spiko factor RD-F-108 score not_assessed collected_at 2026-05-15 22:52:13