Shared-library version with known-vuln status
Polymarket's assessment for RD-F-135 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
OZ contracts pinned to SHA 8769b198 (V1) — exact version tag not resolved. Solady pinned to SHA acd959aa (both repos). No active GHSA high/critical advisory found for these library versions from public GHSA search, but exact OZ version tag from SHA not confirmed. Confidence low.
Sources #
- GitHubOpenZeppelin contracts — pinned SHA version checkopenzeppelin-contracts SHA 8769b198 — version tag not resolved; no active GHSA foundretrieved 2026-04-29
Methodology #
Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol polymarket factor RD-F-135 score yellow collected_at 2026-04-29 16:25:39