Disclosure channel exists

mETH Protocol's assessment for RD-F-175 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

A public Immunefi bug bounty program exists at immunefi.com/bug-bounty/mETH/ — a valid disclosure channel. However, no dedicated security email, no security.txt, and no SECURITY.md in GitHub repo (cache security_md_present:false). No direct security contact beyond Immunefi's intermediary. For a $535M TVL protocol at 29 months of operation, Immunefi-only disclosure channel without a direct contact path is a maturity gap. Scored yellow.

Sources #

Docs
mETH Protocol Official Linksdocs.mantle.xyz/meth/additional-documents/official-links — no security contact email listedretrieved 2026-05-16
URL
mETH Protocol Bug Bounties — ImmunefiImmunefi mETH bug bounty program — confirms disclosure channel existsretrieved 2026-05-16
GitHub
mantle-lsp/contracts GitHub Repositorygithub.com/mantle-lsp/contracts — no SECURITY.md present; cache security_md_present:false confirmedretrieved 2026-05-16

Methodology #

Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol meth-protocol factor RD-F-175 score yellow collected_at 2026-05-16 02:17:50