Disclosure channel exists
Meteora's assessment for RD-F-175 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No confirmed active public security disclosure channel found as of 2026-05-16. Direct checks: (1) Immunefi program URL immunefi.com/bug-bounty/meteora/ returns 404; immunefi.com/bug-bounty/meteora/information/ returns 404; (2) Immunefi 223-program live listing does not include Meteora; (3) data-cache bug_bounty.platform = null, bug_bounty.url = null; (4) SECURITY.md: security_md_present = false; (5) docs.meteora.ag/security-and-risks/smart-contract-risk returns 404; (6) no security@ email found in GitHub or docs. Secondary sources claiming a $500K Immunefi bounty exist but are unverified by Immunefi's own platform — treated as stale/inaccurate reporting.
Sources #
- GitHubMeteoraAg GitHub organizationMeteoraAg GitHub org: no SECURITY.md found in any public repository listing; audits repo contains no security contact informationretrieved 2026-05-16
- Immunefi bug bounty program listingImmunefi bug bounty directory (223 programs) — Meteora not listedretrieved 2026-05-16
- Meteora data-cache: bug bounty and security fields00-data-cache.json: bug_bounty.platform = null, bug_bounty.url = null, security_md_present = falseretrieved 2026-05-16
Methodology #
Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).
See the full factor methodology and distribution across all protocols →