Dependency tree uses EOL Solidity version

OpenEden's assessment for RD-F-174 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Solidity 0.8.9 (primary vault contracts) was released March 2021 — over 5 years ago. It is not formally declared EOL by the Solidity team (no explicit EOL list), but the 0.8.x rolling release model means 0.8.9 receives no security patches. Hardhat config also includes 0.7.6, 0.6.6, 0.4.24 which are genuinely legacy versions, likely for library compatibility interfaces. No critical compiler bugs documented for 0.8.9 in the Solidity advisory list. Yellow for unmaintained version age without critical known bug.

Sources #

GitHub
OpenEden Vault Audit — hardhat.config.tshardhat.config.ts — versions 0.8.9, 0.7.6, 0.6.6, 0.4.24 present in compiler configretrieved 2026-05-16
Etherscan
OpenEdenVaultV5 — Etherscan Verified SourceTBILL V5 impl deployed with v0.8.9+commit.e5eed63aretrieved 2026-05-16

Methodology #

Determine whether the deployed code or its dependencies use an EOL or unsupported Solidity version without a forward-compatibility patch.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol openeden factor RD-F-174 score yellow collected_at 2026-05-16 10:11:45