defirisk.co
rubric v1.7.0

Disclosure SLA public

Balancer (v2 + v3)'s assessment for RD-F-176 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No explicit acknowledgment-time SLA published on the Immunefi program page or in Balancer docs/SECURITY.md (data cache: security_md_present: false). Immunefi platform implies standard 48h triage window but Balancer has not published a specific SLA. 2023 disclosure-to-action gap (11 days from report to public announcement) is consistent with norms but no SLA was formally committed. Score: yellow (SLA not published; implied by platform norms only).

Sources #

  • URL
    https://immunefi.com/bug-bounty/balancer/retrieved 2026-05-05
  • Docs
    hacksdatabase/hacks/balancer-rekt.mdretrieved 2026-05-05

Methodology #

Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol balancer factor RD-F-176 score yellow collected_at 2026-05-05 12:41:36