Shared-library version with known-vuln status

Maple Finance's assessment for RD-F-135 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Core contracts use Solidity 0.8.7–0.8.25 (all non-EOL). SYRUP token (0.8.18) metadata notes four low/medium solc compiler bugs (informational severity). OZ version not determinable from data-cache (oz_contracts_version=null). No critical library CVE affecting current deployed versions identified.

Sources #

Etherscan
https://etherscan.io/address/0x643C4E15d7d62Ad0aBeC4a9BD4b001aA3Ef52d66#coderetrieved 2026-04-27
Partner feed
Data-cache: oz_contracts_version=null — OZ version not determinableretrieved 2026-04-27

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol maple-finance factor RD-F-135 score yellow collected_at 2026-04-27 05:38:08