Disclosure SLA public

Fluid's assessment for RD-F-176 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No explicit acknowledgment SLA published by Fluid/Instadapp. Immunefi program page (Category 3: Approval Required) does not state a specific SLA (e.g., '72h acknowledge'). GitHub repo has no SECURITY.md (data cache: security_md_present: false). No standalone disclosure policy page found via web search. Immunefi default response expectations apply but no protocol-committed SLA exists.

Sources #

Internal
Fluid Data Cache — security_md_present falseData cache: github.security_md_present: false — no SECURITY.md in fluid-contracts-public reporetrieved 2026-04-29
URL
Immunefi — Instadapp Bug Bounties ProgramImmunefi program page — no acknowledgment SLA stated; Category 3 Approval Required onlyretrieved 2026-04-29

Methodology #

Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol fluid factor RD-F-176 score yellow collected_at 2026-04-29 10:35:01