Shared-library version with known-vuln status

M^0's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Solmate: no active CVE or GHSA advisory (library discontinued, no new releases). forge-std: testing utility only, not security-critical for production. MZero-Labs/common: internal library audited by Kirill Fedoseev at commit 0a0cae40. Solc 0.8.23 fixes VerbatimInvalidDeduplication (low severity, pure-Yul only). No active high/critical advisory for any dependency.

Sources #

GitHub
Solmate repositorysolmate repo — no active CVEsretrieved 2026-05-16
Audit
Kirill Fedoseev Independent Auditor ReportKirill Fedoseev — MZero-Labs/common audited at commit 0a0cae40retrieved 2026-05-16
URL
Etherscan Solidity Compiler Bug InfoEtherscan solc bug info — 0.8.23 only low-severity bug (VerbatimInvalidDeduplication)retrieved 2026-05-16

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol m0 factor RD-F-135 score green collected_at 2026-05-16 09:46:19