Shared-library version with known-vuln status

Usual (USD0 / bUSD0 / USUAL)'s assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Solidity 0.8.20 (core contracts) and 0.8.22 (L1OFTAdapter): both versions have no known current CVE. The TransientStorageClearingHelperCollision high-severity bug affects 0.8.28–0.8.33 only — not applicable. OZ Upgradeable contracts version used has no current advisory.

Sources #

URL
Solidity Compiler Bug Information Database — EtherscanSolidity known bug database — 0.8.20 not affectedretrieved 2026-05-17
Etherscan
L1OFTAdapter — EtherscanL1OFTAdapter — Solidity 0.8.22 confirmedretrieved 2026-05-17
URL
Solidity Blog — TransientStorageClearingHelperCollisionTransientStorageClearingHelperCollision — affects 0.8.28–0.8.33 onlyretrieved 2026-05-17

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol usual factor RD-F-135 score green collected_at 2026-05-16 20:39:44