CVE/GHSA advisory issued against protocol

Ondo Finance's assessment for RD-F-178 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No CVE, GHSA, or equivalent public advisory found against Ondo Finance contracts. Web search and data cache confirm zero exploits and no public advisory records. [?] GHSA database not directly queried for ondoprotocol/usdy or flux-finance/contracts — gap, but given zero exploits this is low probability. **Green (no evidence of CVE/advisory).** --- ## Supplemental findings and flags ### GitHub freeze period (Cat 5 context) The `ondoprotocol/usdy` GitHub repo (the primary public OUSG/USDY codeb...

Sources #

URL
https://rekt.newsretrieved 2026-04-28
Etherscan
https://etherscan.io/address/0xF16c188c2D411627d39655A60409eC6707D3d5e8retrieved 2026-04-28
URL
https://immunefi.com/bug-bounty/ondofinance/retrieved 2026-04-28
URL
https://www.cryptoinamerica.com/p/sec-ends-two-year-investigation-intoretrieved 2026-04-28

Methodology #

Determine whether a CVE, GHSA, or equivalent public advisory has been issued against this protocol or its code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ondo-finance factor RD-F-178 score gray collected_at 2026-05-14 12:01:55