Disclosure channel exists
QuickSwap's assessment for RD-F-175 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Two historical bug bounty programs identified: (1) V3 Beta up to $100K in New QUICK via Google Forms (launched October 2022, duration: beta to mainnet); (2) New UI Alpha up to $50K via Google Forms. Neither is hosted on Immunefi, Cantina, or Sherlock. Both appear time-limited rather than permanent. No currently-active program confirmed (data cache bug_bounty.platform: null, url: null). No SECURITY.md in GitHub repo (cache security_md_present: false). No security@ email or designated SIRT contact found in docs. DeFiSafety references '$50K static bug bounty' likely referring to the historical UI program. Yellow: informal disclosure channels exist historically but no persistent, standard industry-channel program is currently active.
Sources #
- URL$100k Bug Bounty for QuickSwap's V3 Beta: Dragons Eat BugsQuickSwap V3 Beta bug bounty Medium post — $100K via Google Forms, time-limited to beta periodretrieved 2026-05-16
- QuickSwap's New UI Alpha $50,000 Bug BountyQuickSwap New UI Alpha $50K bug bounty Medium post — Google Forms, frontend only, time-limitedretrieved 2026-05-16
- QuickSwap data cache — bug bounty and security MD fields00-data-cache.json sources.bug_bounty: {platform: null, max_payout_usd: null, url: null} and sources.github.security_md_present: falseretrieved 2026-05-16
Methodology #
Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).
See the full factor methodology and distribution across all protocols →