Prior known-ignored disclosure

dYdX v4 (dYdX Chain)'s assessment for RD-F-177 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No evidence found in any post-mortem or incident review that a disclosed vulnerability was reported to the dYdX v4 team and ignored before an exploit or incident. Apr 2024 chain halt: release engineering error (wrong IAVL library version), not a security disclosure. Oct 2025 incident: latent logic bug triggered by an edge-case market event, not a known-reported vulnerability. Feb 2026 supply-chain: external credential compromise, not an ignored internal security disclosure. Green.

Sources #

URL
Malicious dYdX Packages Published to npm and PyPIFeb 2026 supply-chain — external credential compromise, not ignored disclosureretrieved 2026-05-17
URL
October 2025: dYdX Chain Incident Review & Community UpdateOct 2025 incident review — no prior disclosure of the bugretrieved 2026-05-17

Methodology #

Determine whether evidence exists in prior-incident post-mortems that a disclosed vulnerability was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dydx-v4 factor RD-F-177 score green collected_at 2026-05-17 09:58:47