defirisk.co
rubric v1.7.0

Shared-library version with known-vuln status

Circle USYC's assessment for RD-F-135 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

USYC contracts use OpenZeppelin Initializable, UUPS upgradeable, and EIP-1967 proxy primitives — genuine shared-library dependencies. No public repo to inspect exact OZ version pinning (foundry_toml_present false; github.repo_url null). Cannot assess OZ version or CVE status without repo access. Gray — not truly not_applicable since OZ is a real dependency, but not assessable without repo.

Sources #

  • Etherscan
    YieldCoin Implementation - EtherscanYieldCoin uses OZ Initializable, UUPS patterns visible from verified source; exact OZ version not determinable without package.json or foundry.tomlretrieved 2026-05-16
  • GitHub
    circlefin GitHub Organizationcirclefin org — no USYC-specific repo with package.json or foundry.toml accessibleretrieved 2026-05-16

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol circle-usyc factor RD-F-135 score gray collected_at 2026-05-15 21:56:43