Dependency tree uses EOL Solidity version

Wormhole's assessment for RD-F-174 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Solidity 0.8.4 is not EOL — it is a superseded but not unsupported version within the 0.8 series. Solidity 0.8.x security patches are being maintained. The version is old (released April 2021) but not "end of life" in the sense that 0.4.x would be. NTT and newer contracts appear to use more recent 0.8.x versions per their respective foundry configs.

Sources #

Curator note
Extracted from 01-code-security.md — RD-F-174 finding; no URL cited in originalretrieved 2026-04-28

Methodology #

Determine whether the deployed code or its dependencies use an EOL or unsupported Solidity version without a forward-compatibility patch.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol wormhole factor RD-F-174 score yellow collected_at 2026-04-28 01:38:43