Bug bounty presence & max payout

Cap (cUSD / stcUSD)'s assessment for RD-F-007 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Sherlock Bug Bounty live since 2025-10-24, max payout $1,000,000 USDC (audits.sherlock.xyz/bug-bounties/114). Exceeds the green threshold (≥$500K). No Immunefi program exists per data cache.

Sources #

Internal
Data Cache — Bug Bounty Section00-data-cache.json — bug_bounty.platform: null (no Immunefi); profile §9retrieved 2026-05-17
URL
Cap Sherlock Bug BountySherlock Bug Bounty program — $1M USDC max, live since 2025-10-24retrieved 2026-05-17

Methodology #

Check whether a public bug bounty program is active for this protocol and record the maximum payout in USD.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol cap factor RD-F-007 score green collected_at 2026-05-17 10:56:24