Shared-library version with known-vuln status

Save (formerly Solend)'s assessment for RD-F-135 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

solana-program 1.7.12 (from ~July 2021) is very old relative to current Solana SDK 2.x (2026). No specific CVE/GHSA advisory found for this version in the context of the token-lending functionality. switchboard-program 0.1.45 (Switchboard v1) is effectively abandoned (superseded by v2/v3). Risk is structural (old, unmaintained dependencies) rather than advisory-confirmed.

Sources #

GitHub
Cargo.toml — solendprotocol/solana-program-libraryCargo.toml — old solana-program 1.7.12 and switchboard v1retrieved 2026-05-17
URL
solend-token-lending on lib.rssolend-token-lending crate — minimal maintenance status notedretrieved 2026-05-17

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-135 score yellow collected_at 2026-05-17 15:20:15