Shared-library version with known-vuln status

Hyperlane's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

OpenZeppelin 4.9.3 — pinned. As of 2026-05-17, OZ 4.9.3 has no active high/critical GHSA advisory affecting contracts used by Hyperlane (Initializable, OwnableUpgradeable, ECDSA, SafeERC20, TransparentUpgradeableProxy). Score: green.

Sources #

GitHub
Hyperlane Monorepo — solidity/remappings.txtremappings.txt — OZ pinned at v4.9.3retrieved 2026-05-17

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperlane factor RD-F-135 score green collected_at 2026-05-16 23:03:56