Prior known-ignored disclosure

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-177 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No evidence found that any disclosure was reported to SushiSwap and ignored prior to an exploit. RouteProcessor2: HYDN reported vulnerability on night of Apr 8; Jared Grey confirmed and initiated War Room within ~1 hour — no delay. Kashi 2022: BlockSec reported findings; SushiSwap confirmed and took immediate protective action — no delay. No post-mortem documents a known-but-ignored disclosure.

Sources #

URL
Kashi KashiPairMediumRiskV1 logic bug — Sushi response (BlockSec)BlockSec Medium — Kashi: Sushi team confirmed and took immediate actionretrieved 2026-05-17
URL
RouteProcessor2 Post Mortem (sushi.com)SushiSwap RouteProcessor2 post-mortem — immediate response, no ignored disclosureretrieved 2026-05-17

Methodology #

Determine whether evidence exists in prior-incident post-mortems that a disclosed vulnerability was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-177 score green collected_at 2026-05-16 19:50:37