Disclosure SLA public
Dolomite's assessment for RD-F-176 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
72-hour acknowledgment SLA publicly stated on bug bounty docs page. 30-day researcher confidentiality window stated. However, no full disclosure timeline published for: fix development SLA, public disclosure timeline after fix, or payout tier amounts (OWASP methodology referenced but no USD amounts). Program is self-hosted with no independent third-party verification. Max payout not disclosed — for a $189M TVL protocol, undisclosed payout limits reduce transparency of the program's materiality. Scoring yellow: acknowledgment SLA published (positive indicator) but fix-and-disclosure cadence and payout tiers absent.
Sources
- URL: Bug Bounty — Dolomite Documentation. Dolomite bug bounty page: 72h acknowledgment SLA, OWASP methodology, no USD tiers. Retrieved 2026-05-16.
Methodology
Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).