Solc version used (known-bug versions flagged)

Lido's assessment for RD-F-170 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Three compiler versions: (1) 0.4.24 — ExpExponentCleanup bug (medium/high, fixed 0.4.25) applies; limited practical risk given usage pattern (SafeMath, no dynamic non-literal small-type exponents identified). (2) 0.8.9 — no current known high-severity bugs per Etherscan bug list. (3) 0.8.25 — not affected by TransientStorageClearingHelperCollision (affects 0.8.28-0.8.33). Legacy 0.4.24 creates yellow signal; new code is clean.

Sources #

URL
solcbuginfohttps://etherscan.io/solcbuginforetrieved 2026-04-28
URL
0xae7ab96520DE3A18E5e111B5EaAb095312D7fE84#codehttps://etherscan.io/address/0xae7ab96520DE3A18E5e111B5EaAb095312D7fE84#coderetrieved 2026-04-28
URL
Solidity 0.8.25-0.8.33 TransientStorageClearingHelperCollision bug (HIGH)https://www.soliditylang.org/blog/2026/02/18/transient-storage-clearing-helper-collision-bug/retrieved 2026-04-26
URL
bugs.htmlhttps://docs.soliditylang.org/en/v0.4.25/bugs.htmlretrieved 2026-04-28
URL
0xFdDf38947aFB03C621C71b06C9C70bce73f12999#codehttps://etherscan.io/address/0xFdDf38947aFB03C621C71b06C9C70bce73f12999#coderetrieved 2026-04-28

Methodology #

Identify the Solidity compiler version used for deployed bytecode and flag if it appears on the known-bug list (solc bugs.json or Vyper 0.2.15–0.3.0 range).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lido factor RD-F-170 score yellow collected_at 2026-04-28 13:58:42