Shared-library version with known-vuln status

mETH Protocol's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Primary security-critical library: OpenZeppelin Contracts v4.9.0 (final v4 release, 2023-05). No high/critical GHSA advisory active for v4.9.0 as of 2026-05-16. aave-v3-origin is Aave's own well-maintained library with no known active advisory. forge-std is a testing utility (not production security-critical).

Sources #

GitHub
OpenZeppelin Contracts v4.9.0 Release — no critical advisoryOpenZeppelin Contracts v4.9.0 release — stable final v4 release, no critical CVE activeretrieved 2026-05-16

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol meth-protocol factor RD-F-135 score green collected_at 2026-05-16 02:17:50