Dependency tree uses EOL Solidity version

Morpho V1 (Morpho Blue + MetaMorpho)'s assessment for RD-F-174 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Morpho Blue core uses Solidity 0.8.19 (7 minor versions behind current stable 0.8.28+); not EOL but dated; no high/critical bugs in 0.8.19 affecting Morpho Blue code patterns; MetaMorpho uses 0.8.21.

Detail #

Solidity 0.8.x is an actively maintained series (non-EOL). Current stable as of 2026 is 0.8.28+. Version 0.8.19 is 7 minor releases behind current. It is not officially EOL per the Solidity versioning schedule. However, the 7-version gap represents meaningful distance from current security improvements. The four low-severity bugs documented above suggest the compiler version has known issues (even if low-severity). MetaMorpho.sol uses 0.8.21 (closer to current). Yellow reflects the dated-but-not-EOL status per template guidance.

Sources #

GitHub
https://github.com/morpho-org/metamorpho/blob/main/src/MetaMorpho.solretrieved 2026-04-27
Etherscan
https://etherscan.io/address/0xBBBBBbbBBb9cC5e90e3b3Af64bdAF62C37EEFFCb#coderetrieved 2026-04-27

Methodology #

Determine whether the deployed code or its dependencies use an EOL or unsupported Solidity version without a forward-compatibility patch.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol morpho-v1 factor RD-F-174 score yellow collected_at 2026-04-30 21:19:13