Dependency manifest uses unpinned versions

USDD (Decentralized USD)'s assessment for RD-F-133 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No public GitHub repository (data cache github.repo_url: null). TRON substrate (TVM, not EVM Foundry/npm). The Ethereum ERC-20 is a single-file contract with inline SafeMath and no external library imports — no dependency manifest applicable. N/A.

Sources #

Internal
USDD data cache - no GitHub repoData cache 00-data-cache.json - github.repo_url: nullretrieved 2026-05-17
Etherscan
Usdd Stablecoin source - EtherscanUSDD Ethereum ERC-20 source - no external library imports, inline SafeMathretrieved 2026-05-17

Methodology #

Determine whether `package.json`, `Cargo.toml`, or `foundry.toml` uses `^` or `~` version ranges for security-critical libraries (OpenZeppelin, Solady, etc.).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol usdd factor RD-F-133 score not_applicable collected_at 2026-05-17 11:34:18