Shared-library version with known-vuln status

JustLend DAO's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

JustLend does not use OpenZeppelin, Solady, or Solmate as smart contract dependencies. The three npm packages (dotenv, ethers, tronweb) are tooling-only and not deployed on-chain. No GHSA advisory found for dotenv 16.x, ethers 5.x, or tronweb 4.x affecting deployed contracts.

Sources #

GitHub
JustLend package.json — no security-critical library depspackage.json: no OZ/Solady/Solmate dependency; tooling deps only (dotenv, ethers, tronweb)retrieved 2026-05-17

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol justlend factor RD-F-135 score green collected_at 2026-05-17 10:25:32