Disclosure channel exists

Pendle Finance's assessment for RD-F-175 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Two concurrent active bug bounty programs: (1) Immunefi — max $250K, public, PoC required, active. (2) Cantina — max $1M for critical (10% of economic impact, min $100K), covers Pendle V2 contracts across 9 chains, SEAL safe harbor adopted. Cantina notes >$20K in goodwill awards to researchers, evidencing active monitoring and response. Both are publicly accessible disclosure channels.

Sources #

URL
Cantina — Pendle Finance Bug Bounty ($1M max critical)Cantina Pendle bounty — $1M max critical, SEAL safe harbor, goodwill awards evidencing monitoringretrieved 2026-04-29
URL
https://immunefi.com/bug-bounty/pendle/scope/retrieved 2026-05-06

Methodology #

Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pendle factor RD-F-175 score green collected_at 2026-04-28 21:09:40