Bug bounty scope gap on highest-TVL contracts

Sanctum's assessment for RD-F-183 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No public bug bounty program exists for Sanctum. Per methodology, when no bounty program exists (RD-F-007 red), RD-F-183 is gray because the factor presupposes a bounty scope to assess gaps in. The absence of any bounty for a $1.37B TVL protocol is captured by RD-F-007.

Sources #

URL
CertiK Skynet — SanctumCertiK Skynet — No third-party bounty program confirmedretrieved 2026-05-04

Methodology #

Determine whether the highest-TVL contracts of this protocol (especially shared primitives: OFT adapters, ZK verifiers, bridge inbox) are explicitly excluded from the protocol's active bug bounty scope.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sanctum factor RD-F-183 score gray collected_at 2026-05-04 18:49:23