Bug bounty presence & max payout

Venus Protocol's assessment for RD-F-007 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Venus docs state 'we offer a bug bounty program' but no URL, platform, or payout cap is published. Immunefi search returns 404. Data cache confirms bug_bounty.platform=null and bug_bounty.max_payout_usd=null. At $1.26B TVL, the absence of a quantified platform-hosted bounty is a material gap.

Sources #

URL
Immunefi Venus page — not foundImmunefi Venus bug bounty page (404)retrieved 2026-04-28
Docs
Venus security-and-audits.md — bug bounty claimed without URLVenus security-and-audits docsretrieved 2026-04-28
Etherscan
Data cache confirming bug_bounty.platform=nullData cache bug_bounty sectionretrieved 2026-04-28

Methodology #

Check whether a public bug bounty program is active for this protocol and record the maximum payout in USD.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol venus factor RD-F-007 score yellow collected_at 2026-04-28 18:30:49