GitHub malicious-dependency incident touching protocol deps
Usual (USD0 / bUSD0 / USUAL)'s assessment for RD-F-160 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No GitHub security advisory or npm malicious-release flag for OpenZeppelin upgradeable contracts or LayerZero V2 libraries has been publicly reported in the trailing 90-day window. OpenZeppelin is actively maintained (OZ v5.x current); LayerZero V2 has been audited. No supply-chain compromise advisory affecting Usual's documented dependencies identified.
Sources #
- GitHubOpenZeppelin security advisoriesOpenZeppelin GitHub security advisories — no critical advisory affecting upgradeable contracts in trailing 90 days foundretrieved 2026-05-17
Methodology #
Determine whether a security advisory flags a malicious release in a dependency consumed by this protocol.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol usual factor RD-F-160 score green collected_at 2026-05-16 20:39:44