Fix-merged-but-not-deployed gap

Uniswap (v2 + v3)'s assessment for RD-F-140 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V2: immutable; no deployment possible for fixes even if needed. V3 core: immutable. GitHub v3-core shows no open security-critical PRs awaiting deployment. Zero exploits in 5+ combined years confirm no known unaddressed vulnerabilities. Combined: green.

Detail #

V2: immutable since May 2020. V3: immutable since May 2021. Neither protocol has had a direct contract-level exploit in 5+ years of live operation. Data cache: rekt.incidents=[]. GitHub v3-core: no open critical security PRs visible. GitHub last_commit_date=2026-04-30 is documentation-only. No evidence of a security fix merged but not yet deployed.

Sources #

GitHub
Uniswap v3-core GitHubv3-core GitHub repo: no open critical security PRs visibleretrieved 2026-04-29

Methodology #

Determine whether a known vulnerability has a PR merged in the repo but the fix has not been included in the deployed bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-140 score green collected_at 2026-05-12 10:36:11