Shared-library version with known-vuln status

Uniswap (v2 + v3)'s assessment for RD-F-135 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Pre-marked not_applicable. V3-core has no OZ or Solady dependency. UniversalRouter uses solmate; no current high/critical GHSA advisory for solmate. Permit2 uses its own implementation, audited. Factor not applicable per pre-mark.

Detail #

Even setting aside the pre-mark, no high or critical GHSA advisory affecting solmate was identified as of 2026-05-12. The Permit2 contract uses its own EIP-712 implementation audited by ABDK and Chainsecurity rather than depending on an external library.

Sources #

GitHub
v3-core — no shared library dependency with known CVEv3-core package.json — no OZ/Soladyretrieved 2026-05-12

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-135 score not_applicable collected_at 2026-05-12 10:36:11