Upstream patch not merged
Synapse Protocol's assessment for RD-F-127 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Missing virtual price check in _calculateSwap() was the exploit vector — introduced via fork divergence from Curve/Saddle canonical implementation.
Sources #
- URLhttps://rekt.news/synapse-protocol-rekt/retrieved 2026-05-06
Methodology #
Determine whether the upstream fork source has published a known-vulnerability patch that has not been merged into this fork's deployed code.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol synapse factor RD-F-127 score red collected_at 2026-04-26 21:35:35