defirisk.co
rubric v1.7.0

Shared-library version with known-vuln status

Dolomite's assessment for RD-F-135 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

OZ v2.5.1 (core): Very old version (2019-era). Known OZ issues (ERC777 reentrancy, ERC20 non-standard return) exist in some 2.x versions but DolomiteMargin does not use those patterns. No active critical GHSA advisory specifically targeting OZ 2.5.1 for the SafeMath/utility usage patterns in DolomiteMargin found. For modules (OZ version not determinable from available data). Yellow: old OZ version but no active critical advisory confirmed for the specific usage pattern.

Sources #

  • GitHub
    DolomiteMargin package.jsonpackage.json: @openzeppelin/contracts ^2.5.1 — very old OZ version (2019-era)retrieved 2026-05-16

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dolomite factor RD-F-135 score yellow collected_at 2026-05-16 11:12:56