Shared-library version with known-vuln status

Lombard Finance's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

OpenZeppelin 5.0.2 (released February 2024): no known high/critical CVE or GHSA advisory as of 2026-05-05. This version introduced EIP-7201 namespaced storage (preventing storage collisions), virtual shares for ERC-4626, and other security improvements over 4.x. No regression vulnerability reported in the 5.0.x series. Chainlink CCIP 1.6.1: no known high/critical advisory. LayerZero ^3.0.x packages: no known malicious-release advisory.

Sources #

GitHub
package.json — dependency versionsOZ 5.0.2 pinned; no GHSA advisory found for this versionretrieved 2026-05-05

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lombard factor RD-F-135 score green collected_at 2026-05-05 12:03:08