defirisk.co
rubric v1.7.0

GitHub malicious-dependency incident touching protocol deps

mETH Protocol's assessment for RD-F-160 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

GitHub-flagged malicious-dependency incident touching protocol deps. No GitHub Security Advisory (GHSA) targeting the dependencies of mantle-lsp/contracts was detected at assessment time. Protocol dependencies include OpenZeppelin libraries, the LayerZero SDK, and the BoringVault pattern. Per public OSINT, there has been no confirmed malicious release in these libraries in the trailing 90 days. Last GitHub commit: 2026-04-15.

Sources

Methodology

Determine whether a security advisory flags a malicious release in a dependency consumed by this protocol.


rubric_version: v1.7.0
protocol: meth-protocol
factor: RD-F-160
score: green
collected_at: 2026-05-16 02:17:50