defirisk.co
rubric v1.7.0

Disclosure channel exists

BlackRock USD Institutional Digital Liquidity Fund (BUIDL)'s assessment for RD-F-175 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[PD-042 rescore 2026-05-12, v1.7.0+] Public DeFi-style disclosure channels (Immunefi, Cantina, GitHub post-mortems with public SLAs) are not the disclosure path for SEC-registered tokenized funds; disclosure flows through SEC filings, transfer-agent communications, and institutional channels. Scored not_applicable per PD-042 (Cat 13 RWA-issuer subset). ORIGINAL EVIDENCE (preserved from v1.6.0 grading): No public security disclosure channel for BUIDL smart contract vulnerabilities. BlackRock HackerOne (hackerone.com/blackrock) covers corporate IT/web properties only, not blockchain smart contracts. Securitize has no public security disclosure channel. No Immunefi program, no security.txt found.

Sources #

  • URL
    https://hackerone.com/blackrockretrieved 2026-04-26
  • URL
    https://immunefi.comretrieved 2026-04-26

Methodology #

Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol blackrock-buidl factor RD-F-175 score not_applicable collected_at 2026-05-12 09:40:42