Disclosure SLA public

Maple Finance's assessment for RD-F-176 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No explicit written SLA for acknowledgment-time published by Maple (e.g., 72h ack commitment). Immunefi platform standard implies some SLA by convention but Maple has not publicly committed to a specific window.

Detail #

Maple's security docs page and Immunefi program description do not state a specific acknowledgment-time SLA. Immunefi's platform infrastructure has its own standard processes but these are platform defaults, not Maple-specific commitments. No evidence of a publicly stated SLA found in docs, blog, or Immunefi program text as of 2026-04-27. Yellow threshold: SLA stated but not tested or SLA > 72h. Here the situation is: no SLA stated at all — which is effectively worse than yellow on the methodology scale, but given that an active program exists and the email channel is present, yellow is appropriate over red (red would require no disclosure channel at all or explicit evidence of non-response).

Sources #

Docs
Security | Maple Finance DocsMaple security docs (no SLA stated)retrieved 2026-04-27
URL
Maple Bug Bounties | ImmunefiImmunefi — Maple program (no SLA stated in description)retrieved 2026-04-27

Methodology #

Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol maple-finance factor RD-F-176 score yellow collected_at 2026-04-27 05:38:08