defirisk.co
rubric v1.7.0

Ignored bounty disclosure

Liquity V1 + V2 (LUSD / BOLD)'s assessment for RD-F-008 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No evidence of ignored bounty disclosure for either v1 or v2. The Feb 2025 Stability Pool vulnerability was discovered internally before mainnet launch and immediately actioned (full halt + redeployment). v1 has zero exploits in 5 years of immutable operation. Rekt database shows no incidents.

Sources #

  • Internal
    Liquity data cache Rekt incidents field00-data-cache.json sources.rekt.incidents = [] (no Rekt incidents)retrieved 2026-05-16
  • URL
    Liquity V2 Redeployment (blog post)v2 redeployment blog describing responsible internal discovery of Stability Pool vulnerabilityretrieved 2026-05-16

Methodology #

Determine whether any prior post-mortem documents a disclosed vulnerability that was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquity factor RD-F-008 score green collected_at 2026-05-16 10:35:50