Disclosure SLA public

M^0's assessment for RD-F-176 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No acknowledgment-time SLA published for vulnerability disclosures. No SECURITY.md exists (SECURITY.md 404), no Immunefi core-protocol program (which would carry a platform SLA), no disclosure policy document on docs.m0.org. The docs 'Disclosures' page contains legal/investment disclaimers only — no security reporting SLA. The KAST Immunefi program (Solana-only) does not state an explicit acknowledgment SLA. No SLA published = red.

Sources #

URL
Immunefi KAST Information — no SLA for Ethereum coreImmunefi KAST information page — no acknowledgment SLA stated; Solana-only scope means SLA not applicable to Ethereum coreretrieved 2026-05-16
Docs
M^0 Disclosures Page — legal disclaimers, no security SLAdocs.m0.org/get-started/resources/disclosures/ — legal disclaimers only, no security SLA or vulnerability reporting policyretrieved 2026-05-16

Methodology #

Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol m0 factor RD-F-176 score red collected_at 2026-05-16 09:46:19