Dependency tree uses EOL Solidity version

Rocket Pool's assessment for RD-F-174 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Solidity 0.7.6 (released December 16, 2020) is the compiler for all core protocol contracts including rETH, RocketStorage, RocketBase, and all pre-Saturn One contracts. Solidity only provides security fixes to the latest release branch (0.8.x series); version 0.7.x is de facto EOL — no new security patches are applied. 0.7.6 is over 5 years old at assessment date. Saturn One contracts use 0.8.30 (current/supported). Core protocol TVL-bearing contracts are on an unsupported EOL compiler version.

Sources #

GitHub
hardhat-common.config.jshardhat-common.config.js — 0.7.6 explicitly configured for core contractsretrieved 2026-05-04
Etherscan
rETH Token EtherscanrETH Etherscan — 0.7.6+commit.7338295f confirmed on TVL-bearing contractretrieved 2026-05-04
URL
Solidity 0.7.6 Release AnnouncementSolidity 0.7.6 release announcement — December 16, 2020retrieved 2026-05-04

Methodology #

Determine whether the deployed code or its dependencies use an EOL or unsupported Solidity version without a forward-compatibility patch.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol rocket-pool factor RD-F-174 score red collected_at 2026-05-04 15:40:28