Disclosure SLA public

Sky Lending (formerly MakerDAO)'s assessment for RD-F-176 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No formal acknowledgment-time SLA published in the Immunefi Sky program page or on developers.skyeco.com. Immunefi program statistics show '16 hours' median resolution — an observed metric, not a committed SLA. Program specifies payout timing (~1 calendar month after bug validation) but not ack timing. No '72-hour acknowledgment' or equivalent commitment found. Yellow: no explicit SLA, but program maturity (18 paid reports, $10M max, MCD_VAT in scope) implies responsive process.

Sources #

URL
Sky Protocol Security OverviewSky security overview (developers.skyeco.com) — no SLA mentioned; defers entirely to Immunefiretrieved 2026-04-28
URL
Sky Bug Bounties — ImmunefiImmunefi Sky program page — no formal SLA commitment statedretrieved 2026-04-28

Methodology #

Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sky-lending factor RD-F-176 score yellow collected_at 2026-04-28 00:43:18