Bug bounty presence & max payout

M^0's assessment for RD-F-007 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No active public bug bounty program identified at $325.5M TVS. Immunefi: no M0 listing. Cantina: no M0 listing. docs.m0.org audits page: no mention of bounty. No security@ email published. KAST on Immunefi is an ecosystem extension (solana-m-extensions), not M^0 core. Structural absence of whitehat economic incentive at this TVL tier.

Sources #

URL
M^0 Technical AuditsM0 security/audits page — no bounty mentionretrieved 2026-05-16
URL
Immunefi Bug Bounty ProgramsImmunefi bug bounty search — no M0 resultretrieved 2026-05-16
URL
Cantina BountiesCantina bounties — no M0 listingretrieved 2026-05-16

Methodology #

Check whether a public bug bounty program is active for this protocol and record the maximum payout in USD.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol m0 factor RD-F-007 score red collected_at 2026-05-16 09:46:19