Leaked credential on paste/sentry site

JustLend DAO's assessment for RD-F-164 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Leaked credential on paste/sentry site — P2 signal; applicable in principle (JustLend GitHub org credentials, oracle poster API keys, domain DNS keys could leak). Data cache security_md_present = false — no formal credential-rotation or disclosure process documented. No public paste-site alert found in this session. Paste/credential monitoring not in production pipeline for JustLend.

Sources #

GitHub
JustLend Protocol GitHub — security.md absentJustLend Protocol GitHub — security_md_present = false (data cache); no SECURITY.md means no formal credential-rotation or disclosure policy publishedretrieved 2026-05-17

Methodology #

Determine whether a public paste site, Sentry-alt, or credential-dump references protocol infrastructure endpoints or API keys.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol justlend factor RD-F-164 score gray collected_at 2026-05-17 10:25:32