Shared-library version with known-vuln status

Liquid Collective (LsETH)'s assessment for RD-F-135 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Protocol uses Solidity 0.8.34 for new contracts (foundry.toml). Some deployed contracts (Allowlist, OperatorsRegistry) show 0.8.10 compiler in Etherscan verified metadata from earlier deployments. Solc 0.8.10 has no critical bugs affecting the proxy/staking patterns used. 0.8.34 is current and bug-clear. OpenZeppelin version not precisely determinable (package.json inaccessible). Yellow due to mixed compiler version in deployed contracts and unconfirmed OZ pin.

Sources #

Etherscan
Etherscan — OperatorsRegistryOperatorsRegistry compiled at Solidity 0.8.10+commit.fc410830retrieved 2026-05-17
URL
Etherscan — Solidity Compiler Bug InfoEtherscan Solidity bug info — no critical bugs in 0.8.10 affecting proxy patternsretrieved 2026-05-17

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquid-collective factor RD-F-135 score yellow collected_at 2026-05-16 19:46:23