defirisk.co
rubric v1.7.0

Bug bounty presence & max payout

Dolomite's assessment for RD-F-007 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Dolomite operates an in-house bug bounty via security@dolomite.io with no stated maximum payout, no Immunefi listing (data-cache immunefi_slug: null), no Cantina/HackerOne/Code4rena program, and no published scope contract list. At $189.3M TVL, absence of a third-party-hosted program with published USD max payout ≥$500K is red per methodology threshold.

Sources #

  • Docs
    Dolomite Audits & Securitydocs.dolomite.io/audits-and-security: Chainalysis CIR is incident response, not a bug bounty programretrieved 2026-05-16
  • Docs
    Dolomite Bug Bountydocs.dolomite.io/bug-bounty: email-only program, no max payout stated, no specific contract scoperetrieved 2026-05-16

Methodology #

Check whether a public bug bounty program is active for this protocol and record the maximum payout in USD.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dolomite factor RD-F-007 score red collected_at 2026-05-16 11:12:56