defirisk.co
rubric v1.7.0

Bug bounty presence & max payout

BlackRock USD Institutional Digital Liquidity Fund (BUIDL)'s assessment for RD-F-007 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[PD-042 rescore 2026-05-12, v1.7.0+] Bug-bounty programs are a DeFi norm that does not apply to a permissioned institutional issuer; cybersecurity for this protocol type lives in SOC / HackerOne-corporate channels outside the DeFi rubric. Scored not_applicable per PD-042 factor-flip catalog (Cat 1 RWA-issuer subset). ORIGINAL EVIDENCE (preserved from v1.6.0 grading): No public bug bounty program for BUIDL or Securitize tokenization platform. Immunefi returns no result. BlackRock HackerOne (hackerone.com/blackrock) covers corporate IT only, not smart contracts. No Cantina, Sherlock, or Code4rena contest found for BUIDL.

Sources #

  • URL
    https://hackerone.com/blackrockretrieved 2026-04-26
  • URL
    https://immunefi.comretrieved 2026-04-26

Methodology #

Check whether a public bug bounty program is active for this protocol and record the maximum payout in USD.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol blackrock-buidl factor RD-F-007 score not_applicable collected_at 2026-05-12 09:40:42