defirisk.co
rubric v1.7.0

Shared-library version with known-vuln status

Hyperliquid's assessment for RD-F-135 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Bridge2 uses OpenZeppelin contracts but the exact OZ version cannot be determined (no manifest file). The use of 'draft-ERC20Permit' import suggests an OZ version from the 2021–2022 era (draft-ERC20Permit was later promoted to non-draft in OZ 4.9+). Earlier OZ versions may carry advisory-level issues. Without a confirmed version, a definitive assessment is not possible.

Sources #

  • GitHub
    Bridge2.sol raw sourceBridge2.sol import paths — draft-ERC20Permit import indicates pre-4.9 OZ versionretrieved 2026-04-28

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperliquid factor RD-F-135 score gray collected_at 2026-04-28 13:58:49