defirisk.co
rubric v1.7.0

Disclosure SLA public

BlackRock USD Institutional Digital Liquidity Fund (BUIDL)'s assessment for RD-F-176 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[PD-042 rescore 2026-05-12, v1.7.0+] Public DeFi-style disclosure channels (Immunefi, Cantina, GitHub post-mortems with public SLAs) are not the disclosure path for SEC-registered tokenized funds; disclosure flows through SEC filings, transfer-agent communications, and institutional channels. Scored not_applicable per PD-042 (Cat 13 RWA-issuer subset). ORIGINAL EVIDENCE (preserved from v1.6.0 grading): No disclosure SLA published. BlackRock HackerOne and corporate disclosure policy do not state an acknowledgment-time SLA. Securitize has no published SLA. RD-F-175 red (channel missing) compounds to red here.

Sources #

  • URL
    https://www.blackrock.com/us/individual/compliance/responsible-disclosureretrieved 2026-04-26
  • URL
    https://hackerone.com/blackrockretrieved 2026-04-26

Methodology #

Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol blackrock-buidl factor RD-F-176 score not_applicable collected_at 2026-05-12 09:40:42