Dependency tree uses EOL Solidity version

Save (formerly Solend)'s assessment for RD-F-174 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The program pins solana-program=1.7.12 (from July 2021, approximately Solana SDK v1.7). Current Solana SDK is 2.x (2026). Solana SDK 1.7.12 is well past end-of-support. The crate is noted as minimal-maintenance status on lib.rs. However, the BPF bytecode is compiled and deployed statically — the old SDK version does not create runtime update exposure, but the program misses SBF security improvements in newer versions. Yellow for old, unsupported SDK as structural analog to EOL Solidity.

Sources #

URL
solend-token-lending on lib.rssolend-token-lending crate — minimal maintenance status, old SDKretrieved 2026-05-17
GitHub
Cargo.toml — solendprotocol/solana-program-libraryCargo.toml — solana-program 1.7.12 (2021, well past EOL)retrieved 2026-05-17

Methodology #

Determine whether the deployed code or its dependencies use an EOL or unsupported Solidity version without a forward-compatibility patch.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-174 score yellow collected_at 2026-05-17 15:20:15