Shared-library version with known-vuln status

SUNSwap (sun.io)'s assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V3: OZ 3.4.1-solc-0.7-2 — legacy but no active high/critical GHSA for ERC-20/SafeMath components used in AMM pairs. V4: OZ 5.5.0 — recent version, no active high-severity GHSA. Solmate at specific commit — no known active CVE.

Sources #

GitHub
OpenZeppelin CHANGELOGOpenZeppelin/openzeppelin-contracts CHANGELOG — 3.4.1 no active high CVE for ERC-20/SafeMathretrieved 2026-05-17
GitHub
solmate security tabtransmissions11/solmate security tab — no known active CVEretrieved 2026-05-17

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sunswap factor RD-F-135 score green collected_at 2026-05-17 14:37:31