Ignored bounty disclosure

Dolomite's assessment for RD-F-008 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The March 2024 exploit targeted a 2019 legacy contract deprecated ~2020, not the current v2 system. Post-mortem published by Corey Caplan. No evidence of a whitehat disclosure ignored by the team prior to this exploit. The exploit vector (callFunction reentrancy on old legacy contract) was not a reported vulnerability that the team failed to act on.

Sources #

URL
Legacy Smart Contract Vulnerability Post Mortem AnalysisDolomite post-mortem on March 2024 legacy contract exploitretrieved 2026-05-16

Methodology #

Determine whether any prior post-mortem documents a disclosed vulnerability that was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dolomite factor RD-F-008 score green collected_at 2026-05-16 11:12:56