defirisk.co
rubric v1.7.0

GitHub force-push to sensitive branch

Uniswap (v2 + v3)'s assessment for RD-F-108 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V2+V3 combined: V3 core (github.com/Uniswap/v3-core) last commit 2026-04-30 per data cache. V2 core (github.com/Uniswap/v2-core) stable, minimal activity expected (fully mature immutable codebase). No public reports of unauthorized force-push to main/production branches in assessment window. V2 and V3 are fully immutable post-deploy — repo changes cannot affect deployed bytecode. Signal would NOT fire today.

Detail #

Signal fires when repository shows force-push or push to sensitive branch (main, production-tag) from non-protocol account. For V2 and V3: github.com/Uniswap/v3-core last commit 2026-04-30 (data cache confirmed). github.com/Uniswap/v2-core is a stable, minimally-active repository. No public reports of unauthorized commits to either repo. The critical immunity: even if an unauthorized force-push occurred on the repo, it cannot change the already-deployed, already-immutable bytecode on-chain. The signal is most relevant for upgradeable protocols where repo changes translate to deploy candidates. For immutable protocols, the signal is advisory/informational only. Green based on available public sources; no anomaly detected.

Sources #

  • GitHub
    Uniswap v3-core GitHubgithub.com/Uniswap/v3-core — last commit 2026-04-30 (data cache confirmed); no anomalous push patterns detectedretrieved 2026-05-12
  • GitHub
    Uniswap v2-core GitHubgithub.com/Uniswap/v2-core — stable repository, immutable codebaseretrieved 2026-05-12

Methodology #

Detect whether the repository shows a force-push or push to a sensitive branch (main, production tag) from a non-protocol account.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-108 score green collected_at 2026-05-12 10:36:11