Shared-library version with known-vuln status

stHYPE (Valantis Labs)'s assessment for RD-F-135 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

OZ upgradeable contracts (AccessControlDefaultAdminRulesUpgradeable, VotesUpgradeable, ERC20Upgradeable) inferred in use from source snippets but exact OZ version not determinable — no foundry.toml or package.json with version pinning found. Cache oz_contracts_version: null. solc 0.8.28 known-vuln addressed under Cat 12.

Sources #

Internal
Data cache — OZ version not determined.research/protocols/staked-hype/00-data-cache.json oz_contracts_version: nullretrieved 2026-05-17
URL
stHYPE token implementation — OZ imports visiblehyperevmscan.io/address/0xe71cAF5c1fe56d8897c7b604295d23968049e057#code — OZ imports visible in source snippetsretrieved 2026-05-17

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol staked-hype factor RD-F-135 score gray collected_at 2026-05-17 13:02:38