Shared-library version with known-vuln status

Multipli's assessment for RD-F-135 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

OZ version unconfirmed (cache oz_contracts_version=null; .gitmodules 404). Import paths suggest OZ v5.x (ERC4626Upgradeable, PausableUpgradeable patterns). No active high/critical GHSA advisory known for OZ v5 as of 2026-05-17, but exact version needed to rule out specific advisories.

Sources #

Etherscan
MultipliVault implementation — OZ import paths, no version visibleSnowtrace — MultipliVault impl import paths (@openzeppelin/contracts-upgradeable, no version tag)retrieved 2026-05-17

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol multipli factor RD-F-135 score gray collected_at 2026-05-17 11:48:35