Shared-library version with known-vuln status

StakeWise v3's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

OpenZeppelin contracts-upgradeable pinned at commit 60b305a (v5.x series — latest v5.6.1 as of Feb 27 2026). Historical OZ advisories (GHSA-q4h9-46xg-m3x9 UUPSUpgradeable fixed in v4.3.2; GHSA-9c22-pwxw-p6hx initializer reentrancy fixed in v4.4.1) do not affect the 5.x series. Solidity 0.8.22 and 0.8.26 have no high-severity compiler bugs per Etherscan solcbuginfo — the most recent high-severity bug (TransientStorageClearingHelperCollision) first appeared in 0.8.28.

Sources #

GitHub
OpenZeppelin contracts-upgradeable repository — v5.6.1 latestOZ contracts-upgradeable v5.6.1 latest release Feb 27 2026; pinned commit 60b305a is in the 5.x seriesretrieved 2026-05-16
URL
Etherscan Solidity Compiler Bug InfoEtherscan solcbuginfo — no high-severity bugs for Solidity 0.8.22 or 0.8.26; TransientStorageClearingHelperCollision first appears in 0.8.28retrieved 2026-05-16

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stakewise factor RD-F-135 score green collected_at 2026-05-16 01:03:28