Disclosure channel exists

Polymarket's assessment for RD-F-175 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Immunefi bug bounty program active at https://immunefi.com/bug-bounty/polymarket/ since April 22 2024, last updated January 24 2025. Immunefi Standard Badge awarded. Trust Security submitted a vulnerability in 2024 and received a $500 good-faith bounty, confirming the channel is operational. Disclosure channel exists and is functional.

Sources #

URL
https://www.schneier.com/blog/archives/2026/05/hacking-polymarket.htmlretrieved 2026-05-06
Curator note
Dead — Immunefi bug-bounty page for Polymarket no longer accessible at /bug-bounty/polymarket/information/ or the parent /bug-bounty/polymarket path (both 404). No archive.org snapshot accessible. Curator should re-cite from a current Polymarket bug-bounty disclosure (HackerOne, GitHub SECURITY.md, or in-app program page) rather than substitute a different bounty program. [dead-link, original: https://immunefi.com/bug-bounty/polymarket/information/]retrieved 2026-05-06

Methodology #

Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-175 score green collected_at 2026-04-29 16:25:39