defirisk.co
rubric v1.7.0

Dependency had malicious-release incident (last 90d)

Kamino Lend's assessment for RD-F-134 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No known malicious-release advisory affecting Anchor 0.29.0, SPL token 3.5.0, or Solana core ~1.17.18 in the trailing 90 days. Git dependencies are Kamino-controlled, not public registry packages.

Detail #

WebSearch found no GHSA or crates.io advisory for the used versions. The three git dependencies (scope, sbod-itf, strum fork) are Kamino-controlled and not distributed through public registries, reducing supply chain compromise risk relative to third-party packages.

Sources #

  • GitHub
    GitHub Security AdvisoriesNo GHSA advisory for anchor-lang 0.29.0 found via GitHub Security Advisoriesretrieved 2026-04-27

Methodology #

Determine whether any npm/PyPI/crates.io dependency of this protocol had a flagged malicious release in the trailing 90 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol kamino-lend factor RD-F-134 score green collected_at 2026-04-30 21:19:16