Shared-library version with known-vuln status

Liquity V1 + V2 (LUSD / BOLD)'s assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

OZ contracts pinned at commit bd325d56 = v4.9.5 (December 8, 2023). GitHub advisory search for OZ 4.9.x returned 0 active high/critical advisories. Solady @ commit 362b2efd: no known high/critical advisory. forge-std is a testing framework not used in production. All shared libraries on versions with no active high/critical GHSA advisory.

Sources #

GitHub
OZ contracts version confirmationOZ v4.9.5 commit bd325d56b4c62c9c5c1aff048c37c6bb18ac0290 confirmed Dec 8 2023retrieved 2026-05-16

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquity factor RD-F-135 score green collected_at 2026-05-16 10:35:50