Disclosure channel exists
SUNSwap (sun.io)'s assessment for RD-F-175 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No active bug bounty program on Immunefi, HackerOne, or Bugcrowd confirmed for SUNSwap / sun.io / sun protocol as of 2026-05-17. Data cache bug_bounty.platform=null, bug_bounty.url=null. No SECURITY.md in any sun-protocol GitHub repository (data cache github.security_md_present=false; GitHub security page for sunswap-finance/sunswap-core confirms no SECURITY.md). sunswap.com/docs and docs.sun.io both return 403. No security.txt found. Confirmed absence of any public disclosure channel on a ~$403M multi-version DEX with V4 hooks surface 76 days old.
Sources #
- Internal00-data-cache.json github and bug_bounty fieldsData cache github.security_md_present=false; bug_bounty.platform=null; bug_bounty.url=nullretrieved 2026-05-17
- Immunefi Bug Bounty ProgramsImmunefi bug bounty search — no sunswap/sun.io/sun protocol program foundretrieved 2026-05-17
- sunswap-finance/sunswap-core Security OverviewGitHub security overview for sunswap-finance/sunswap-core — no SECURITY.md set upretrieved 2026-05-17
Methodology #
Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).
See the full factor methodology and distribution across all protocols →