Shared-library version with known-vuln status

Concrete's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

OZ 5.2.0 active advisories: GHSA-9rcw-c2f9-2j55 (Bytes.lastIndexOf, Low severity, Jul 2025) — affects util library only, not vault logic. No high or critical advisory for OZ 5.2.0. UUPSUpgradeable GHSA-5vp3-v4hc-gx76 (Critical) only affects 4.1.0–<4.3.2 — not applicable to 5.2.0. Green.

Sources #

URL
UUPSUpgradeable Vulnerability (not affecting 5.2.0)GHSA-5vp3-v4hc-gx76 UUPSUpgradeable — affects 4.1.0–<4.3.2 only, not 5.2.0retrieved 2026-05-17
URL
OpenZeppelin Security Advisory GHSA-9rcw-c2f9-2j55OZ GHSA-9rcw-c2f9-2j55 — Low severity Bytes.lastIndexOf, Jul 2025retrieved 2026-05-17

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol concrete factor RD-F-135 score green collected_at 2026-05-17 14:36:59