Solc version used (known-bug versions flagged)

Yearn Finance's assessment for RD-F-170 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V3 vault core: Vyper 0.3.7 — confirmed via Etherscan verification on canonical impl 0xd8063123BBA3B480569244AE66BFE72B6c84b00d. OUTSIDE the July 2023 reentrancy-affected range (0.2.15, 0.2.16, 0.3.0 only per Vyper post-mortem). V2 vaults: sampled deployments show Vyper 0.2.8 (yvDAI 0x5f18c75a, yvWBTC 0xcb550a6d) and Vyper 0.2.12 (newer yvDAI 0xdA816459). All V2 Vyper versions are OUTSIDE the affected range. Solidity periphery: solc 0.8.18 (not on known Solidity bug list). Overall: green for the reentrancy-class check. Older V2 Vyper (0.2.8) may have other bugs not enumerated here, but no active high/critical advisory found.

Sources #

URL
Vyper postmortem — affected: 0.2.15, 0.2.16, 0.3.0; NOT 0.2.8, 0.2.12, 0.3.3, 0.3.7Vyper reentrancy postmortem — affected range confirmedretrieved 2026-05-16
Etherscan
Etherscan yvDAI V2 — vyper:0.2.8 (outside affected range)0x5f18c75abdae578b483e5f43f12a39cf75b973a9 — vyper:0.2.8retrieved 2026-05-16
Etherscan
Etherscan V3 canonical impl — vyper:0.3.7 (outside reentrancy-affected range)0xd8063123BBA3B480569244AE66BFE72B6c84b00d — vyper:0.3.7retrieved 2026-05-16

Methodology #

Identify the Solidity compiler version used for deployed bytecode and flag if it appears on the known-bug list (solc bugs.json or Vyper 0.2.15–0.3.0 range).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol yearn-finance factor RD-F-170 score green collected_at 2026-05-16 08:34:32