defirisk.co
rubric v1.7.0

Disclosure SLA public

Lombard Finance's assessment for RD-F-176 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No explicit acknowledgment-time SLA published on Lombard docs or Immunefi program page. Docs state 'responsible disclosure through Immunefi only' and 'public disclosure before remediation disqualifies the submission.' Immunefi program page states Category 3 (Approval Required) for publication but specifies no acknowledgment timeline (e.g., 72h ack). Per methodology: red = no SLA published.

Sources #

  • Docs
    https://docs.lombard.finance/learn/security/bug-bountyretrieved 2026-05-05
  • URL
    https://immunefi.com/bug-bounty/lombard-finance/information/retrieved 2026-05-05

Methodology #

Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lombard factor RD-F-176 score red collected_at 2026-05-05 12:03:08