Dependency tree uses EOL Solidity version

Balancer (v2 + v3)'s assessment for RD-F-174 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v2 (higher-risk): Deployed at Solidity 0.7.1 which is End-of-Life (Solidity 0.8.x is the current supported series; 0.7.x reached EOL when 0.8.0 launched Sept 2020, with 0.8.x receiving all subsequent security patches). v2 contracts are immutable — permanently on EOL 0.7.1 with no upgrade path. v3: Solidity 0.8.26 is within the active 0.8.x support window (not EOL). Scoring against v2 = yellow.

Sources #

Etherscan
v2 Vault Etherscan: constructor-based, no proxyhttps://etherscan.io/address/0xBA12222222228d8Ba445958a75a0704d566BF2C8#coderetrieved 2026-05-05
Etherscan
v3 Vault Etherscan: delegatecall proxy to hardcoded VaultExtension, not UUPShttps://etherscan.io/address/0xbA1333333333a1BA1108E8412f11850A5C319bA9#coderetrieved 2026-05-05

Methodology #

Determine whether the deployed code or its dependencies use an EOL or unsupported Solidity version without a forward-compatibility patch.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol balancer factor RD-F-174 score yellow collected_at 2026-05-05 12:41:36