Dependency had malicious-release incident (last 90d)

Venus Protocol's assessment for RD-F-134 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No malicious release incident for OpenZeppelin contracts (4.9.3 or 4.8.x) or other Venus dependencies (hardhat 2.22.18, ethers 5.7.0) in the last 90 days. OZ contracts are highly scrutinized with no recent supply-chain incidents.

Sources #

GitHub
OpenZeppelin contracts releases — no malicious release in last 90 daysOZ contracts release historyretrieved 2026-04-28

Methodology #

Determine whether any npm/PyPI/crates.io dependency of this protocol had a flagged malicious release in the trailing 90 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol venus factor RD-F-134 score green collected_at 2026-04-28 18:30:49