Ignored bounty disclosure

Aave v3's assessment for RD-F-008 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No evidence of any prior incident where a disclosed vulnerability was reported and ignored before exploit. Nov 2023 stable-rate vulnerability was responsibly disclosed and patched with no exploit. Aug 2024 periphery exploit involved a novel finding, not a prior ignored disclosure.

Sources #

Governance
Periphery Contracts Incident August 28, 2024Aug 2024 periphery incidentretrieved 2026-04-27
Governance
Aave v2/v3 Security Incident 04-11-2023Nov 2023 security incident post-mortemretrieved 2026-04-27

Methodology #

Determine whether any prior post-mortem documents a disclosed vulnerability that was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aave-v3 factor RD-F-008 score green collected_at 2026-04-27 23:28:46