Solc version used (known-bug versions flagged)
ether.fi's assessment for RD-F-170 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Deployed bytecode for core contracts (LiquidityPool, eETH, weETH, EtherFiNodesManager) is compiled with Solidity 0.8.13 (confirmed via Etherscan verified source metadata). Solidity 0.8.13 carries the StorageWriteRemovalBeforeConditionalTermination bug (medium/high severity), affecting versions 0.8.13-0.8.16, fixed in 0.8.17. The bug triggers when Yul optimizer is enabled and code contains storage writes before functions calling return(...) or stop() in inline assembly. The foundry.toml configures 0.8.27 (no known bugs, clean), suggesting newer contracts are compiled with 0.8.27 but legacy proxy implementations have not been recompiled. Yellow rather than red because: (a) the bug requires specific inline-assembly patterns that may not be present in ether.fi's contract code, and (b) Certora FV provides compensating assurance on core invariants.
Sources #
- EtherscanweETH — solc v0.8.13+commit.abaa5c0e0xCd5fE23C85820F7B72D0926FC9b05b43E359b7ee #code — v0.8.13retrieved 2026-04-28
- Solc bug DB — 0.8.13 StorageWriteRemovalBeforeConditionalTermination medium/highetherscan.io/solcbuginfo — StorageWriteRemovalBeforeConditionalTerminationretrieved 2026-04-28
- foundry.toml — configures solc 0.8.27 (clean, no known bugs)foundry.toml — solc 0.8.27retrieved 2026-04-28
- LiquidityPool — solc v0.8.13+commit.abaa5c0e0x308861A430be4cce5502d0A12724771Fc6DaF216 #code — v0.8.13retrieved 2026-04-28
Methodology #
Identify the Solidity compiler version used for deployed bytecode and flag if it appears on the known-bug list (solc bugs.json or Vyper 0.2.15–0.3.0 range).
See the full factor methodology and distribution across all protocols →