Leaked credential on paste/sentry site
Falcon Finance's assessment for RD-F-164 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Leaked credential on paste/sentry site | Applicable: Yes (Fireblocks/Ceffu API keys and admin wallet keys are high-value targets) | Paste monitoring not configured. No public credential dump referencing Falcon Finance infrastructure identified. No public GitHub so no SECURITY.md. Not assessable.
Detail
Paste monitoring (Pastebin, GitHub gist, dark-web paste sites) is not configured for this static assessment. No public paste-site entry or credential dump referencing Falcon Finance infrastructure (Fireblocks API endpoints, Ceffu MirrorX credentials, admin wallet mnemonics) was identified from accessible public sources. Falcon Finance has no public GitHub repository and has published no SECURITY.md disclosure channel, so any leaked-credential finding would have no formal reporting path. Data cache: github.security_md_present: false. The closed-source posture and off-chain custody model make credential-leak monitoring particularly important: the attack surface is not just smart contracts but also institutional custodian credentials.
Sources
- Curator note: Falcon Finance data cache (security_md_present: false). research/protocols/falcon-finance/00-data-cache.json §sources.github.security_md_present: false. Retrieved 2026-05-12.
- Curator note: paste monitoring not deployed, no SECURITY.md. Paste monitoring not configured; no public credential leak found from Falcon Finance infra; no SECURITY.md published; off-chain custody (Fireblocks/Ceffu) creates credential-leak attack surface outside on-chain monitoring. Retrieved 2026-05-12.
Methodology
Determine whether a public paste site, Sentry-alt, or credential-dump references protocol infrastructure endpoints or API keys.