Shared-library version with known-vuln status

Spiko's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

OZ v5.4.0: No high/critical GHSA advisories for this version as of 2026-05-16. OZ 5.x is current supported release. Soroban SDK 22.0.8: No known critical advisories. Chainlink contracts ^0.8.0: widely used, no active critical advisories.

Sources #

GitHub
spiko-tech/contracts package.json OZ versionpackage.json OZ 5.4.0 - current supported release no critical advisoriesretrieved 2026-05-16
GitHub
spiko-tech/stellar-contracts Cargo.tomlCargo.toml soroban-sdk 22.0.8 exact pin no known advisoriesretrieved 2026-05-16

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol spiko factor RD-F-135 score green collected_at 2026-05-15 22:52:13