Prior known-ignored disclosure

Marinade Finance's assessment for RD-F-177 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Forum incident report documents that the Shiroi project attempted to contact Marinade leadership via Twitter, Discord, and Telegram before publishing the May 9, 2025 community disclosure. Forum states no response was received from Marinade team. A GitHub issue documenting the vulnerability also appears to have been unactioned before public disclosure. This is directionally consistent with a delayed/ignored disclosure. However, the SAM bug was an ongoing operational drain (not a smart-contract exploit that exploded post-disclosure), so the risk profile differs from a classic ignored-disclosure-leading-to-exploit. Yellow: evidence of delayed response to a disclosed operational issue; below confirmed ignored-pre-exploit threshold.

Sources #

URL
Incident Report: 37,000 SOL in Losses — Marinade Governance ForumForum incident report — documents outreach attempts and lack of Marinade response before public disclosureretrieved 2026-05-16

Methodology #

Determine whether evidence exists in prior-incident post-mortems that a disclosed vulnerability was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol marinade factor RD-F-177 score yellow collected_at 2026-05-16 08:48:35