Solc version used (known-bug versions flagged)
Convex Finance's assessment for RD-F-170 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Mainnet core contracts compiled with Solidity v0.6.12+commit.27d51765 (confirmed via Etherscan Exact Match on Booster, VoterProxy, CvxLockerV2). Optimizer enabled at 200 runs. Solidity 0.6.12 was released 2020-07-22. Known applicable bugs for 0.6.12 with optimizer: StorageWriteRemovalBeforeConditionalTermination (medium severity, fixed 0.8.17) and KeccakCaching (medium severity, fixed 0.8.3). These are medium-severity risks; no high/critical bug confirmed applicable to the specific contract types deployed. Sidechain contracts use 0.8.10 (not EOL). Yellow for medium-severity known-bug exposure on the older compiler.
Sources
- Etherscan: Convex Booster Etherscan (solc v0.6.12, optimizer 200 runs, Exact Match). Booster 0xF403C1 - v0.6.12 optimizer 200 runs. Retrieved 2026-05-16.
- Solidity known bugs database (StorageWriteRemoval, KeccakCaching affect 0.6.12). Solidity bugs.json - known bugs including 0.6.12 applicable. Retrieved 2026-05-16.
Methodology
Identify the Solidity compiler version used for deployed bytecode and flag if it appears on the known-bug list (solc bugs.json or Vyper 0.2.15–0.3.0 range).
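The check this methodology describes, as an added example (not the curator's or the Solidity project's code): it parses an Etherscan-style compiler string and matches it against entries shaped like solc's bugs.json. The two entries are constructed from the evidence summary above, and the function names are hypothetical.

```python
import re

# Constructed entries shaped like solc's bugs.json, holding only what the
# evidence summary states (name, severity, fixed version, optimizer condition).
# Assumption: this is illustrative data, not a copy of the real file.
KNOWN_BUGS = [
    {"name": "StorageWriteRemovalBeforeConditionalTermination",
     "severity": "medium", "fixed": "0.8.17", "conditions": {"optimizer": True}},
    {"name": "KeccakCaching",
     "severity": "medium", "fixed": "0.8.3", "conditions": {"optimizer": True}},
]
SEVERITY_ORDER = ["very low", "low", "medium", "medium/high", "high"]


def parse_version(text):
    """Return (major, minor, patch) from e.g. 'v0.6.12+commit.27d51765'."""
    match = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised compiler version: {text!r}")
    # Integer tuples compare numerically, so 0.6.12 sorts after 0.6.9.
    return tuple(int(part) for part in match.groups())


def applicable_bugs(compiler, optimizer_enabled, bugs=KNOWN_BUGS):
    """List the bug entries that apply to this compiler build and settings."""
    version = parse_version(compiler)
    hits = []
    for bug in bugs:
        # Affected range is [introduced, fixed); either bound may be absent.
        if "introduced" in bug and version < parse_version(bug["introduced"]):
            continue
        if "fixed" in bug and version >= parse_version(bug["fixed"]):
            continue
        # An optimizer-only bug cannot trigger when the optimizer is off.
        if bug.get("conditions", {}).get("optimizer") and not optimizer_enabled:
            continue
        hits.append(bug)
    return hits


def worst_severity(hits):
    """Highest severity among the applicable bugs, or None if there are none."""
    return max((b["severity"] for b in hits), key=SEVERITY_ORDER.index, default=None)


if __name__ == "__main__":
    found = applicable_bugs("v0.6.12+commit.27d51765", optimizer_enabled=True)
    print([b["name"] for b in found], worst_severity(found))
```

To assess a deployment, load the current bugs.json in place of `KNOWN_BUGS`; the matching logic honours an `introduced` bound when an entry carries one.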