Disclosure SLA public

Beefy Finance's assessment for RD-F-176 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No explicit acknowledgment-time SLA (e.g., '72-hour acknowledgment', '5-day response commitment') is published in Beefy's docs or on the Immunefi program page. The Immunefi program implies an embargo process (public disclosure of unpatched vulnerability is prohibited) but does not specify a formal SLA for researcher acknowledgment. No response-time commitment was found in SAFU practices or bug-bounty docs. Yellow — disclosure channel exists but SLA transparency is absent.

Sources #

Docs
Beefy Bug Bounty Program docs (SLA absent)docs.beefy.finance/safety/bug-bounty-program — no SLA stated; Discord secondary channel onlyretrieved 2026-05-16
URL
Beefy Finance Bug Bounty Program — Immunefi (SLA absent)Immunefi program page — no explicit SLA published; embargo clause present but no acknowledgment timeline statedretrieved 2026-05-16

Methodology #

Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol beefy factor RD-F-176 score yellow collected_at 2026-05-16 13:10:30