Bug bounty scope gap on highest-TVL contracts

stHYPE (Valantis Labs)'s assessment for RD-F-183 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No active bug bounty program exists at all (confirmed via Immunefi search, docs, and cache). Per methodology template: 'gray = no bug bounty program exists (see RD-F-007).' F183 measures scope gap within an existing program; with no program, the scope-gap question is moot. The bug bounty absence is captured under RD-F-007 (red).

Sources #

Docs
Valantis stHYPE Transparency and Risks pagedocs.valantis.xyz/stakedhype/transparency-and-risks — 'no active bug bounty program'retrieved 2026-05-17
URL
Immunefi bounty directory — stHYPE not listedimmunefi.com/explore — not foundretrieved 2026-05-17

Methodology #

Determine whether the highest-TVL contracts of this protocol (especially shared primitives: OFT adapters, ZK verifiers, bridge inbox) are explicitly excluded from the protocol's active bug bounty scope.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol staked-hype factor RD-F-183 score gray collected_at 2026-05-17 13:02:38