Ignored bounty disclosure

Hyperlane's assessment for RD-F-008 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

April 2026 ERC4626 insolvency disclosure (issue #8589, filed 2026-04-14): reporter could not find SECURITY.md, security email, or GitHub private vulnerability reporting; resorted to opening a public GitHub issue tagging individual team members. Disclosure channel failure — but no confirmed fund loss or pre-exploit ignore. Yellow: problematic disclosure response but not red (no confirmed ignored-before-exploit event).

Sources #

GitHub
Security: Critical vulnerability in warp route contracts — Issue #8589Issue #8589 filed 2026-04-14 — reporter unable to find secure channel, resorted to public issueretrieved 2026-05-17

Methodology #

Determine whether any prior post-mortem documents a disclosed vulnerability that was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperlane factor RD-F-008 score yellow collected_at 2026-05-16 23:03:56