Disclosure channel exists

Sky Lending (formerly MakerDAO)'s assessment for RD-F-175 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Immunefi bug bounty active at https://immunefi.com/bug-bounty/sky/ since 2022-02-10; last updated 2026-02-26. $10,000,000 maximum payout for critical smart contract vulnerabilities (10% of affected funds, min $150K). 216 assets in scope including MCD_VAT (core vault engine), MCD_DAI, MCD_SPOT, MCD_POT, MCD_FLAP, MCD_FLOP, MCD_VOW, MCD_JUG, oracle infrastructure. 18 paid reports confirmed ($603.2K total). Clear, active, highest-TVL contracts explicitly in scope.

Sources #

URL
Sky Bug Bounties — ImmunefiImmunefi Sky bug bounty — program page; active since 2022-02-10; last updated 2026-02-26retrieved 2026-04-28
URL
MakerDAO Launches Record $10M Bug Bounty Program On Immunefi — DecryptDecrypt: MakerDAO launches record $10M bug bounty on Immunefi — program launch announcement February 2022retrieved 2026-04-28
URL
Sky Bug Bounties Scope — ImmunefiImmunefi Sky scope page — MCD_VAT and 215 other assets confirmed in scoperetrieved 2026-04-28

Methodology #

Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sky-lending factor RD-F-175 score green collected_at 2026-04-28 00:43:18