defirisk.co
rubric v1.7.0

Prior known-ignored disclosure

Lista DAO's assessment for RD-F-177 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No evidence found that a disclosed vulnerability was reported to Helio/Lista team and ignored prior to exploitation. Dec-2022 incident caused by Ankr external deployer-key compromise and Helio oracle latency — not a previously-reported code vulnerability. Halborn post-mortem and Helio team statements do not reference any prior responsible-disclosure that was not actioned. Hack DB field 'Exploited code in scope? No — deployer key compromise is an operational security failure, not a code vulnerability.' Green: no evidence of ignored disclosure.

Sources #

  • URL
    Halborn — Ankr and Helio Hacks ExplainedHalborn post-mortem — no ignored disclosure mentionedretrieved 2026-05-12
  • Internal
    Hack DB — off-chain key compromise, not prior-disclosed code vulnerabilityhacksdatabase/hacks/ankr-helio-rekt.md — Dashboard Risk Factors table field: Exploited code in scope = Noretrieved 2026-05-12

Methodology #

Determine whether evidence exists in prior-incident post-mortems that a disclosed vulnerability was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lista-dao factor RD-F-177 score green collected_at 2026-05-12 17:54:05