defirisk.co
rubric v1.7.0

Ignored bounty disclosure

USDD (Decentralized USD)'s assessment for RD-F-008 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No prior contract exploit incidents identified (Rekt DB empty, data cache rekt.incidents: []). Three USDD incidents (June 2022 depeg, March 2023 depeg, August 2024 BTC reserve removal) are economic/governance events, not contract exploits with formal disclosure channels. With no bug bounty program, there is no formal disclosure channel to 'ignore.' Cannot assess ignored disclosure where no disclosure channel exists.

Sources #

  • Internal
    USDD data cache - incidents and bug bountyData cache 00-data-cache.json - rekt.incidents: [], bug_bounty.platform: nullretrieved 2026-05-17

Methodology #

Determine whether any prior post-mortem documents a disclosed vulnerability that was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol usdd factor RD-F-008 score gray collected_at 2026-05-17 11:34:18