Disclosure channel exists

Concrete's assessment for RD-F-175 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Active Cantina-hosted bug bounty launched November 5, 2025 with $250,000 USDC max payout (Critical: $250K, High: $100K). Scope covers universal vault system, strategy integrations, NAV updates, and withdrawal paths. Program is managed by Cantina's specialized Web3 security team. Constitutes a clear public disclosure channel.

Sources #

URL
Concrete Bug Bounty — CantinaCantina bug bounty page for Concrete — live since 2025-11-05; $250K max; Critical $250K, High $100Kretrieved 2026-05-17
URL
Cantina x Concrete — Securing Institutional Yield InfrastructureCantina blog announcement dated 2026-02-05 confirming $250K USDC bounty and scope detailsretrieved 2026-05-17

Methodology #

Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol concrete factor RD-F-175 score green collected_at 2026-05-17 14:36:59