Dependency tree uses EOL Solidity version

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-174 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v2-core: Solidity 0.6.12 — EOL (unsupported below 0.8.x). v3-core: Solidity 0.7.6 — EOL (unsupported below 0.8.x). Both core AMM contracts are immutable deployments; cannot be migrated to supported compiler versions without full contract redeployment and user migration. SushiXSwap v2 (0.8.10) and sushi-peripherals (0.8.15) use supported versions. Scoring yellow: core components on EOL versions but no active high-severity compiler bug identified for these specific versions and contract patterns.

Sources #

Etherscan
SushiV2Factory Etherscan compiler versionSushiV2Factory — Solidity 0.6.12 (EOL, below 0.8.x)retrieved 2026-05-17
Etherscan
SushiV3Factory Etherscan compiler versionSushiV3Factory — Solidity 0.7.6 (EOL, below 0.8.x)retrieved 2026-05-17
GitHub
SushiXSwapV2.sol — pragma 0.8.10SushiXSwapV2 pragma 0.8.10 — supported version; peripheral contracts on supported versionsretrieved 2026-05-17

Methodology #

Determine whether the deployed code or its dependencies use an EOL or unsupported Solidity version without a forward-compatibility patch.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-174 score yellow collected_at 2026-05-16 19:50:37