Fix-merged-but-not-deployed gap
StakeWise v3's assessment for RD-F-140 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No known vulnerability with fix-merged-but-not-deployed pattern identified. Statemind April 2026 audit covers current codebase; v5.0.0 release followed on 2026-04-29. No post-audit-disclosed-but-undeployed fix found in public channels.
Sources #
- GitHubstakewise/v3-core — GitHubv3-core: no open security advisories; v5.0.0 is the latest deployed releaseretrieved 2026-05-16
- Statemind StakeWise Core V3 Audit — 2026-04-20Statemind 2026-04-20: most recent audit of StakeWise Core V3; v5.0.0 release 2026-04-29 followsretrieved 2026-05-16
Methodology #
Determine whether a known vulnerability has a PR merged in the repo but the fix has not been included in the deployed bytecode.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol stakewise factor RD-F-140 score green collected_at 2026-05-16 01:03:28