Shared-library version with known-vuln status

QuickSwap's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V2: solc 0.5.16 known bugs — 7 bugs, all LOW or VERY LOW severity. UniswapV2Factory/Pair does not use experimental ABIEncoderV2 or signed storage arrays, so the most relevant bugs (SignedArrayStorageCopy, ABIEncoderV2LoopYulOptimizer) are not triggered by this contract pattern. V3: solc 0.7.6 known bugs — 7 bugs, all LOW or VERY LOW severity. MemoryArrayCreationOverflow (LOW) and privateCanBeOverridden (LOW) are the highest-severity bugs for 0.7.6; neither is a HIGH/CRITICAL advisory for AMM contract patterns. No OZ/Solady version with active HIGH/CRITICAL CVE identified.

Sources #

URL
Etherscan Solidity Bug InfoSolc known bugs for 0.5.16 and 0.7.6 — all LOW or VERY LOW severityretrieved 2026-05-16
Etherscan
AlgebraFactory PolygonscanV3 AlgebraFactory — solc 0.7.6 confirmedretrieved 2026-05-16

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol quickswap factor RD-F-135 score green collected_at 2026-05-16 08:48:31