Disclosure channel exists
Spiko's assessment for RD-F-175 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No public security-disclosure channel found. Immunefi returns 404 for /bug-bounty/spiko/. Bugcrowd and HackerOne searches find no Spiko program. Data-cache bug_bounty.platform: null and max_payout_usd: null. No SECURITY.md in the spiko-tech/contracts GitHub repository (confirmed by direct fetch returning 404; data-cache github.security_md_present: false). No security@ email found in spiko.io footer or docs.spiko.io. Profile §9 explicitly flagged this gap. For a $1.22B TVS protocol across seven chains and three codebases, the absence of any structured security-disclosure channel is a material gap.
Sources #
- InternalSpiko data cache — bug bounty and GitHub security fields00-data-cache.json sources.bug_bounty.platform: null; sources.github.security_md_present: falseretrieved 2026-05-16
- Spiko Documentationdocs.spiko.io — no security policy, contact, or disclosure program foundretrieved 2026-05-16
- Immunefi — Spiko bug bounty program (not found)Immunefi /bug-bounty/spiko/ returns HTTP 404 — no program existsretrieved 2026-05-16
Methodology #
Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).
See the full factor methodology and distribution across all protocols →