Incident response time (minutes)

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-085 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

RouteProcessor2 (most recent incident, 2023-04-08): HYDN identified vulnerability night of April 8 and contacted Head Chef Jared Grey. Grey confirmed publicly approximately 1 hour after the report ('Sushi's RouteProcessor2 contract has an approval bug; please revoke approval ASAP'). UI was rolled back the same night. War Room established between SushiSwap and HYDN same night. Response time estimated <60 minutes from first internal identification to public statement — exceptionally fast by DeFi standards.

Sources #

URL
RouteProcessor2 Post Mortem (sushi.com)SushiSwap RouteProcessor2 post-mortem — response timelineretrieved 2026-05-17
URL
How HYDN Rescued $600k Worth of User Funds For SushiSwap (HYDN Blog)HYDN rescue writeup — timeline of initial responseretrieved 2026-05-17

Methodology #

Measure the time in minutes from the first exploit transaction to the first official team statement for the most recent incident.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-085 score green collected_at 2026-05-16 19:50:37