Prior known-ignored disclosure

Sky Lending (formerly MakerDAO)'s assessment for RD-F-177 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No evidence any prior disclosed vulnerability was reported to MakerDAO/Sky and ignored before exploitation. The April 2019 DSChief critical flaw is the definitive test case: OpenZeppelin notified MakerDAO April 26 2019; remediation plan April 30; patch reviewed May 2; patched contract deployed and funds migrated before public announcement May 6. Disclosure acted on within 4 days of notification. Black Thursday was an emergent market failure, not a previously-disclosed vulnerability that was ignored.

Sources #

URL
MakerDAO Critical Vulnerability — OpenZeppelin (May 6, 2019)OpenZeppelin DSChief disclosure — notified April 26; remediation April 30; patch reviewed May 2; deployed before public announcement May 6, 2019retrieved 2026-04-28

Methodology #

Determine whether evidence exists in prior-incident post-mortems that a disclosed vulnerability was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sky-lending factor RD-F-177 score green collected_at 2026-04-28 00:43:18