defirisk.co
rubric v1.7.0

Solc version used (known-bug versions flagged)

Midas's assessment for RD-F-170 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

All deployed Midas contracts (mTBILL impl, mBASIS impl, mBTC impl, Issuance Vault impl) use Solidity v0.8.9+commit.e5eed63a, confirmed via the Etherscan verified-source metadata for each contract. Solidity v0.8.9 appears on the known-bug list for AbiReencodingHeadOverflowWithStaticArrayCleanup (medium severity, SOL-2022-6), which corrupts the 32 leading bytes of the first dynamic component when ABI-encoding a tuple whose last component is a static calldata array. The bug was fixed in v0.8.16, and the contracts have not been upgraded to a patched compiler version. Whether the bug applies to Midas's specific function signatures requires local analysis that is not possible from public sources; however, the version is confirmed on the known-bug list with medium severity. Yellow (not red): the bug is medium severity, not high/critical.

Sources

Methodology

Identify the Solidity compiler version used for deployed bytecode and flag if it appears on the known-bug list (solc bugs.json or Vyper 0.2.15–0.3.0 range).
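
The version check this methodology describes, as an added example that is not defirisk.co's own tooling: it matches a compiler string taken from verified-source metadata against entries shaped like solc's bugs.json. The sample list is constructed; the `introduced` value and the second entry are assumptions made for the demonstration.

```python
import re

# Constructed sample in the shape of solc's bugs.json entries. The first entry
# uses the uid, name, severity and fix version given on this page; its
# "introduced" value and the whole second entry are assumptions for the demo.
SAMPLE_BUGS = [
    {"uid": "SOL-2022-6",
     "name": "AbiReencodingHeadOverflowWithStaticArrayCleanup",
     "severity": "medium", "introduced": "0.5.8", "fixed": "0.8.16"},
    {"uid": "EXAMPLE-0001", "name": "HypotheticalOlderBug",
     "severity": "high", "fixed": "0.8.4"},  # no "introduced": affects all earlier
]
SEVERITY_ORDER = ["very low", "low", "medium", "high"]


def parse_version(text):
    """Turn 'v0.8.9+commit.e5eed63a' or '0.8.16' into a comparable (0, 8, 9)."""
    match = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if match is None:
        raise ValueError(f"not a solc version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def affecting_bugs(compiler, bugs):
    """Return listed bugs whose [introduced, fixed) range contains the compiler.

    Versions are compared numerically: as strings, '0.8.9' sorts after
    '0.8.16' and the page's finding would be missed. Matching on version alone
    ignores each entry's trigger conditions, so a hit means "on the list",
    not "exploitable in this contract".
    """
    version = parse_version(compiler)
    hits = []
    for bug in bugs:
        introduced = parse_version(bug.get("introduced", "0.0.0"))
        fixed = parse_version(bug["fixed"]) if "fixed" in bug else None
        if introduced <= version and (fixed is None or version < fixed):
            hits.append(bug)
    return sorted(hits, key=lambda b: SEVERITY_ORDER.index(b["severity"]),
                  reverse=True)


def worst_severity(compiler, bugs):
    """Highest severity among matching bugs, or None when nothing matches."""
    hits = affecting_bugs(compiler, bugs)
    return hits[0]["severity"] if hits else None


if __name__ == "__main__":
    for bug in affecting_bugs("v0.8.9+commit.e5eed63a", SAMPLE_BUGS):
        print(bug["uid"], bug["name"], bug["severity"])
```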


rubric_version: v1.7.0
protocol: midas
factor: RD-F-170
score: yellow
collected_at: 2026-05-16 09:34:55