defirisk.co
rubric v1.7.0

Post-mortem published within 30 days

An operational history factor in the v1.7.0 rubric. Measured per protocol on a e cadence.

Methodology: how we score

**What this measures** This factor records whether the protocol published a public post-mortem within thirty days of its most recent exploit. The Boolean is set to true only when a post-mortem is publicly accessible (blog post, governance forum thread, or equivalent) and contains at minimum a timeline of the incident, identification of the root cause, and a description of the remediation steps taken or planned. Partial disclosures (e.g., brief tweets with no technical detail) do not satisfy the criterion.

**Why it matters** A timely, detailed post-mortem serves three depositor-protection functions. First, it demonstrates that the team understood what failed -- a prerequisite for fixing it. Second, it creates an accountability record that allows the community to verify whether the stated fix was actually deployed. Third, it informs the broader ecosystem about a new vulnerability class, reducing the probability of the same vector being exploited on sister protocols. Twelve of the thirteen audited protocols in the dataset that were subsequently exploited had some form of post-mortem, but quality varied dramatically: Merlin DEX's CertiK audit marked a critical finding as resolved based on a verbal promise with no post-mortem verification; Elephant Money's Solidity Finance audit identified the exact vulnerability but the finding was not communicated to the team.

**Green / Yellow / Red** Green: post-mortem published within thirty days containing timeline, root cause, and remediation plan with on-chain verification of fix. Yellow: post-mortem published but after thirty days, or published on time but lacking root-cause technical depth or remediation verification. Red: no post-mortem published, or a statement issued that attributes the incident to external factors without acknowledging the internal vulnerability.

**Common gray cases** Protocols that deliver private post-mortems to institutional depositors but do not publish publicly are scored red on this factor, since depositor-protection requires public disclosure.

**Notable historical examples** No cross-hacked incidents currently linked in database for this factor.

Measurement: what to look for

Determine whether a public post-mortem was published within 30 days of the most recent incident.

Data & output

Data source: Protocol blog/docs/Mirror + publish date
Output format: Green / Yellow / Red
Evidence artifact: Post-mortem URL + publish date + days-after-incident
Confidence signal: green = published within 30 days; yellow = published 31–90 days after; red = >90 days or not published; gray = no prior incidents (N/A)

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-082 |
| --- | --- | --- |
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | not_applicable |
| Aerodrome Finance | base | yellow |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | gray |
| Balancer (v2 + v3) | ethereum | green |
| Beefy Finance | ethereum | yellow |
| BENQI | avalanche | not_applicable |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | gray |
| Centrifuge | ethereum | gray |
| Chainlink CCIP | ethereum | gray |
| Circle USYC | binance | not_applicable |
| Compound V3 (Comet) | ethereum | gray |
| Concrete | ethereum | not_applicable |
| Convex Finance | ethereum | yellow |
| crvUSD (Curve Stablecoin) | ethereum | green |
| Curve Finance | ethereum | green |
| deBridge | ethereum | green |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | yellow |
| EigenLayer | ethereum | green |
| Ethena | ethereum | green |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | green |
| Falcon Finance | ethereum | gray |
| Fluid | ethereum | red |
| Frax Finance | ethereum | gray |
| GMX v2 (GMX Synthetics) | arbitrum | gray |
| Hyperlane | ethereum | gray |
| Hyperliquid | arbitrum | green |
| Jito | solana | gray |
| Jupiter | solana | gray |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | gray |
| Kinetiq | hyperliquid | not_applicable |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | not_applicable |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | gray |
| Lista DAO | bsc | yellow |
| Lombard Finance | ethereum | gray |
| M^0 | ethereum | gray |
| Maple Finance | ethereum | yellow |
| Marinade Finance | solana | yellow |
| Meteora | solana | not_applicable |
| mETH Protocol | ethereum | gray |
| Midas | ethereum | gray |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | gray |
| Ondo Finance | ethereum | gray |
| OpenEden | ethereum | gray |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | red |
| Pendle Finance | ethereum | gray |
| Polymarket | polygon | red |
| QuickSwap | polygon | gray |
| Raydium | solana | green |
| Rocket Pool | ethereum | gray |
| Sanctum | solana | gray |
| Save (formerly Solend) | solana | green |
| Sky Lending (formerly MakerDAO) | ethereum | yellow |
| Spark Protocol | ethereum | gray |
| Spiko | stellar | gray |
| Stake DAO | ethereum | not_applicable |
| StakeWise v3 | ethereum | gray |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | green |
| SUNSwap (sun.io) | tron | not_applicable |
| Superstate | ethereum | green |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | green |
| Symbiotic | ethereum | gray |
| Synapse Protocol | ethereum | yellow |
| Uniswap (v2 + v3) | ethereum | gray |
| USDD (Decentralized USD) | tron | not_applicable |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | green |
| Veda (BoringVault) | ethereum | not_applicable |
| Venus Protocol | bsc | green |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | green |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version: v1.7.0 | factor: RD-F-082 | category: 5 | carried: 80 | critical: no