Disclosure channel exists
OpenEden's assessment for RD-F-175 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No public security disclosure channel found after comprehensive search. (1) docs.openeden.com — no security section on root, trust-and-transparency, or FAQ pages. (2) openeden.com/security — 404. (3) SECURITY.md absent from GitHub repo OpenEdenHQ/openeden.vault.audit (cache security_md_present:false; GitHub security advisories confirm 'There aren't any published security advisories'). (4) Immunefi: 404 on direct slug; not in /explore listing of 223+ programs. (5) Sherlock, Cantina, HackenProof: no program found. (6) No security@ email or dedicated SIRT contact published. Only general Telegram/X community contact exists. This is the primary Cat 13 exposure, analogous to circle-usyc and spiko.
Sources #
- URLOpenEden docs root — no security disclosure pathdocs.openeden.com root — no security section or disclosure channel mentionedretrieved 2026-05-16
- GitHub — OpenEden vault audit security advisories pageOpenEdenHQ/openeden.vault.audit security advisories: 'There aren't any published security advisories'; SECURITY.md absentretrieved 2026-05-16
- Immunefi — OpenEden not found in bug bounty directoryImmunefi /explore search — OpenEden not listed; direct slug 404retrieved 2026-05-16
- Data cache — security_md_present false, no bug bounty URL00-data-cache.json sources.github.security_md_present:false; sources.bug_bounty.url:nullretrieved 2026-05-16
Methodology #
Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).
See the full factor methodology and distribution across all protocols →