Disclosure SLA public

Axelar Network's assessment for RD-F-176 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Partial SLA only. GitHub security policy states a 48-hour confirmation window (first-response SLA). No full resolution SLA or maximum hold period published. Immunefi program specifies Category 3 (researcher must obtain Axelar approval before publication) without bounding the timeline. The 2024 responsible disclosure took ~5 months from initial report to governance resolution — slow but coordinated and appropriate given the governance-required fix. No end-to-end disclosure timeline publicly committed.

Sources #

URL
Halting Cross-chain: Axelar Network Vulnerability Disclosure — Marco Hextor2024 vulnerability disclosure — ~5-month resolution window from initial report to governance fix; acceptable but no public SLA governed thisretrieved 2026-05-17
GitHub
Security Overview — axelarnetwork/axelar-coreGitHub security policy for axelar-core — 48-hour confirmation window stated; no resolution SLA statedretrieved 2026-05-17

Methodology #

Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol axelar factor RD-F-176 score yellow collected_at 2026-05-16 21:57:49