Shared-library version with known-vuln status

Jito's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Anchor 0.31.1: no CVE/GHSA found. Solana SDK 2.3.x: April 2025 ZK ElGamal patch was to the ZK Token program (on-chain program), not the SDK itself; patched versions are deployed. Rust 1.93.1: not on known-critical-bug list. SPL Token 4.0: no high/critical advisory found. No active known-vulnerable library version identified.

Sources #

URL
jito-solana rust-toolchain.tomlRust toolchain 1.93.1 from rust-toolchain.toml — stable, not on critical-bug listretrieved 2026-04-29

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jito factor RD-F-135 score green collected_at 2026-04-29 15:50:23