Dependency had malicious-release incident (last 90d)

Save (formerly Solend)'s assessment for RD-F-134 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Key dependencies pinned to exact versions from late 2021. These frozen versions would not be affected by new malicious releases. Upstream SPL archived March 2025 (no new releases). No active GitHub Security Advisory for solana-program 1.7.12 or switchboard-program 0.1.45 in trailing 90 days.

Sources #

GitHub
Cargo.toml — solendprotocol/solana-program-libraryCargo.toml — frozen exact dependency versionsretrieved 2026-05-17
GitHub
Upstream SPL token-lending (archived)Upstream archived March 2025 — no new releasesretrieved 2026-05-17

Methodology #

Determine whether any npm/PyPI/crates.io dependency of this protocol had a flagged malicious release in the trailing 90 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-134 score green collected_at 2026-05-17 15:20:15