Dependency tree uses EOL Solidity version

Venus Protocol's assessment for RD-F-174 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Solidity 0.5.16 and 0.5.17 are EOL (Solidity active support is 0.8.x series). Used for legacy contracts in production since 2020. No high-severity known bugs apply to these versions for Venus's usage patterns. Primary risk is forward-compat (new EIP support, compiler warnings) rather than current live vulnerability. Yellow for the EOL compiler status despite no active bug risk.

Sources #

GitHub
venus-protocol hardhat.config.ts — 0.5.16 for legacy contractshardhat.config.ts — legacy 0.5.16retrieved 2026-04-28
Etherscan
BscScan Timelock v0.5.17 — EOL compiler confirmedBscScan Timelock — v0.5.17retrieved 2026-04-28

Methodology #

Determine whether the deployed code or its dependencies use an EOL or unsupported Solidity version without a forward-compatibility patch.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol venus factor RD-F-174 score yellow collected_at 2026-04-28 18:30:49