Shared-library version with known-vuln status

Centrifuge's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

centrifuge/protocol uses foundry-based dependency management. Auth pattern is MakerDAO-derived, not OZ-based. V3.1 codebase uses custom ReentrancyProtection.sol, custom Auth.sol, custom MathLib.sol — minimal external library dependency. No OpenZeppelin or Solady version with known CVE identified in accessible dependency files.

Sources #

GitHub
https://github.com/centrifuge/protocol/blob/main/src/misc/ReentrancyProtection.solretrieved 2026-04-27
GitHub
https://github.com/centrifuge/protocol/blob/main/src/misc/Auth.solretrieved 2026-04-27

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol centrifuge factor RD-F-135 score green collected_at 2026-04-30 21:19:10