Disclosure channel exists

stHYPE (Valantis Labs)'s assessment for RD-F-175 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No public security disclosure channel for stHYPE LST core contracts. Transparency-and-risks page explicitly states: 'stHYPE currently does not run an active public bug bounty program.' No security@ email, no security.txt, no Immunefi program (pipeline bug_bounty.platform: null). Remedy 'valantis-stex' program covers STEX AMM peripheral contracts (stHYPEWithdrawalModule, STEXAMM) — NOT the stHYPE LST core (stHYPE ERC-20, OverseerV1, wstHYPE). Hyperliquid L1 bug bounty (hyperliquid.gitbook.io) is not a Valantis/stHYPE program. Legacy docs.stakedhype.fi/technical/security 301-redirects to general overview with no security contact. At ~$144M TVL, the absence of any LST-core disclosure mechanism is a genuine hygiene gap.

Sources #

URL
Transparency and Risks | Valantis DocumentationExplicit statement: 'stHYPE currently does not run an active public bug bounty program'retrieved 2026-05-17
URL
Remedy Bug Bounty — Valantis STEXRemedy Valantis STEX program — covers STEX AMM peripheral contracts, not stHYPE LST coreretrieved 2026-05-17

Methodology #

Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol staked-hype factor RD-F-175 score red collected_at 2026-05-17 13:02:38