Disclosure SLA public

Liquity V1 + V2 (LUSD / BOLD)'s assessment for RD-F-176 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No explicit acknowledgment-time SLA is published. The Cantina bounty page instructs researchers to report within 24 hours of discovery (researcher obligation) but states no team response commitment (e.g., 72h ack, 5-day triage window, 30-day remediation window). The security docs page (docs.liquity.org/v2-documentation/security) confirms security@liquity.org but includes no SLA language. In practice, the Feb 2025 pre-launch disclosure was actioned same-day — faster than most published SLAs — demonstrating strong response culture without a formal commitment.

Sources #

Docs
Security | Liquity DocsLiquity v2 security docs page — security@liquity.org confirmed, no SLA text foundretrieved 2026-05-16
URL
Liquity / Liquity bounty — Cantina.xyzCantina bounty page reviewed — researcher submission guidance found but no team SLA commitment publishedretrieved 2026-05-16

Methodology #

Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquity factor RD-F-176 score yellow collected_at 2026-05-16 10:35:50