Disclosure SLA public

Polymarket's assessment for RD-F-176 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No publicly stated acknowledgment-time SLA (e.g., 72h ack) found in the Immunefi program description or Polymarket docs. Immunefi's standard framework provides general guidance but Polymarket has not committed to a specific SLA. Template: red = no SLA published.

Sources #

Docs
Polymarket Documentation — no disclosure SLA foundPolymarket docs (docs.polymarket.com) — no security SLA page or disclosure window publishedretrieved 2026-04-29
Curator note
Dead — Immunefi bug-bounty page for Polymarket no longer accessible at /bug-bounty/polymarket/information/ or the parent /bug-bounty/polymarket path (both 404). No archive.org snapshot accessible. Curator should re-cite from a current Polymarket bug-bounty disclosure (HackerOne, GitHub SECURITY.md, or in-app program page) rather than substitute a different bounty program. [dead-link, original: https://immunefi.com/bug-bounty/polymarket/information/]retrieved 2026-05-06

Methodology #

Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-176 score red collected_at 2026-04-29 16:25:39