Dependency tree uses EOL Solidity version

Ondo Finance's assessment for RD-F-174 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Solidity 0.8.16 (OUSG/USDY): active 0.8.x stable branch. Solidity 0.5.17 (Flux Finance): outside actively maintained track; receives no new updates. No specific unpatched critical bug known for 0.5.17 in its deployed context.

Sources #

URL
https://github.com/ethereum/solidity/releasesretrieved 2026-04-28
Etherscan
https://etherscan.io/address/0x95Af143a021DF745bc78e845b54591C53a8B3A51retrieved 2026-04-28

Methodology #

Determine whether the deployed code or its dependencies use an EOL or unsupported Solidity version without a forward-compatibility patch.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ondo-finance factor RD-F-174 score yellow collected_at 2026-05-14 12:01:55