Upstream patch not merged
Save (formerly Solend)'s assessment for RD-F-127 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
The only confirmed critical upstream patch (Neodyme Dec 2021 rounding error) was applied by Solend BEFORE the upstream fix was merged (Solend patched Dec 2, upstream merged Dec 4). Upstream archived March 2025 with no new security patches since. All known upstream security-relevant changes have been applied to Solend.
Sources #
- URLBug in Solana Token Lending Contract FixedCoordinated disclosure — Solend patched Dec 2, upstream merged Dec 4 2021retrieved 2026-05-17
- Upstream SPL token-lending (archived)Upstream archived March 2025 — no new patchesretrieved 2026-05-17
Methodology #
Determine whether the upstream fork source has published a known-vulnerability patch that has not been merged into this fork's deployed code.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol save factor RD-F-127 score green collected_at 2026-05-17 15:20:15