Solc version used (known-bug versions flagged)

Chainlink CCIP's assessment for RD-F-170 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Three compiler versions: (1) solc 0.8.19 — Router, ARM, ARMProxy, ManyChainMultiSig, RBACTimelock; (2) solc 0.8.24 — OnRamp/OffRamp (Nov-2024 audit scope); (3) pragma ^0.8.4 — MultiOCR3Base library. Known bugs for 0.8.19: StorageWriteRemovalBeforeConditionalTermination (medium/high, optimizer-required at 26000 runs), InlineAssemblyMemorySideEffects (medium, optimizer-required). TransientStorageClearingHelperCollision bug (high, viaIR required) does NOT apply — CCIP uses 0.8.19/0.8.24, both below the 0.8.28 floor. Yellow: medium-severity optimizer-related bugs exist for 0.8.19 with optimizer, but high/critical bugs are not confirmed applicable to CCIP's usage pattern.

Sources #

Etherscan
ARM implementation — solc 0.8.19+commit.7dd6d404, 26000 runsARM impl (0x8B63b3DE) — solc 0.8.19, 26000 optimizer runsretrieved 2026-05-16
URL
Solidity TransientStorageClearingHelperCollision Bug — 0.8.28-0.8.33 onlyTransientStorageClearingHelperCollision bug — affects 0.8.28-0.8.33 only (not CCIP)retrieved 2026-05-16
Etherscan
Chainlink CCIP Router — solc 0.8.19+commit.7dd6d404, 26000 runsRouter (0x80226fc0) — solc 0.8.19, 26000 optimizer runsretrieved 2026-05-16
URL
Etherscan Solidity Bug Info DBSolidity bug list — known bugs for 0.8.19retrieved 2026-05-16
Etherscan
ManyChainMultiSig — solc 0.8.19+commit.7dd6d404, 200 runsManyChainMultiSig (0xE53289) — solc 0.8.19, 200 optimizer runsretrieved 2026-05-16

Methodology #

Identify the Solidity compiler version used for deployed bytecode and flag if it appears on the known-bug list (solc bugs.json or Vyper 0.2.15–0.3.0 range).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol chainlink-ccip factor RD-F-170 score yellow collected_at 2026-05-16 01:55:09