Leaked credential on paste/sentry site

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-164 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Requires specialized paste-site and credential-dump monitoring feed not available in static T-10 assessment. sushi.com infrastructure (Next.js frontend, CDN, API keys) could be exposed if credentials are leaked. MISO 2021 supply-chain attack was a code injection by a contractor, not a credential leak — different class. No confirmed credential exposure on public paste sites detected via standard search. This gap requires a production credential-monitoring feed (PasteHunter, GitGuardian equivalent) for ongoing monitoring.

Sources #

URL
sushi-labs/sushiswap Security — GitHubSushi Labs GitHub security — no advisories; no credential leak signals detected via public searchretrieved 2026-05-17

Methodology #

Determine whether a public paste site, Sentry-alt, or credential-dump references protocol infrastructure endpoints or API keys.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-164 score gray collected_at 2026-05-16 19:50:37