Ignored bounty disclosure

Save (formerly Solend)'s assessment for RD-F-008 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No evidence found of a disclosed vulnerability being ignored before an exploit. The Dec 2021 Neodyme disclosure was responded to and patched within hours. The Aug 2022 OSEC rent-thief investigation did not result in significant user fund loss. No post-mortem evidence of ignored disclosures.

Sources #

URL
Bug in Solana Token Lending Contract FixedNeodyme SPL disclosure — patched promptlyretrieved 2026-05-17
URL
The Story of the Curious Rent Thief — OtterSecOSEC rent-thief — temporary mitigation appliedretrieved 2026-05-17

Methodology #

Determine whether any prior post-mortem documents a disclosed vulnerability that was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-008 score green collected_at 2026-05-17 15:20:15