Prior known-ignored disclosure

Raydium's assessment for RD-F-177 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No evidence of any disclosed vulnerability being ignored before exploitation. The December 2022 exploit was an operational/key-management failure, not a code vulnerability that had been disclosed and ignored. Both Immunefi whitehack findings (CLMM tick manipulation Jan 2024; CPMM liquidity drain, disclosed/published May 2025) were patched before exploitation and maximum bounties paid. No post-mortem references a prior disclosure that was disregarded.

Sources #

URL
Raydium Detailed Post-MortemRaydium post-mortem — Dec 2022 was key compromise, not ignored code disclosureretrieved 2026-04-29
URL
Raydium Tick Manipulation Bugfix ReviewImmunefi tick manipulation review — patched before exploitationretrieved 2026-04-29
URL
Raydium Liquidity Drain Bugfix ReviewImmunefi liquidity drain review — patched before exploitationretrieved 2026-04-29

Methodology #

Determine whether evidence exists in prior-incident post-mortems that a disclosed vulnerability was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol raydium factor RD-F-177 score green collected_at 2026-04-29 12:31:55