Disclosure SLA public

Orca's assessment for RD-F-176 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No acknowledgment-time SLA is stated on the Immunefi program page or in SECURITY.md. Immunefi's platform imposes SLA enforcement (projects can be removed for SLA breakage), providing an implicit framework, but Orca has not published its own explicit acknowledgment window (e.g., '48h ack'). Yellow threshold: SLA stated but not tested or >72h. Absence of an explicit published SLA places this in yellow rather than green.

Sources #

URL
Immunefi Orca program info page — no acknowledgment-time SLA statedhttps://immunefi.com/bug-bounty/orca/information/retrieved 2026-05-16
URL
Immunefi platform rules — implicit SLA enforcement frameworkhttps://immunefi.com/rules/retrieved 2026-05-16

Methodology #

Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol orca factor RD-F-176 score yellow collected_at 2026-05-16 02:39:16