Disclosure channel exists
Venus Protocol's assessment for RD-F-175 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No public disclosure channel of substance exists: (1) Immunefi immunefi.com/bug-bounty/venus/ returns 404; (2) No Sherlock program found; (3) No SECURITY.md in main GitHub repo (security_md_present: false in data cache); (4) Venus docs security page only states 'We offer a bug bounty program' with zero URL, email, platform or submission mechanism; (5) GitHub Security Advisories: zero published advisories; (6) README directs researchers to 'contact administrators of our Telegram chat' — not a formal channel. At $1.26B TVL this is a critical disclosure gap. Score: red.
Sources #
- GitHubVenusProtocol/venus-protocol README — Telegram security contactVenus Protocol README — security guidance: 'contact administrators of our Telegram chat'retrieved 2026-04-28
- Venus Protocol Security & Audits DocumentationVenus docs security page — vague bug bounty statement only; no URL, platform or contact emailretrieved 2026-04-28
- VenusProtocol/venus-protocol Security Advisories — None PublishedGitHub Security Advisories — zero published advisories confirmed by WebFetchretrieved 2026-04-28
- Venus Data Cache — Bug Bounty Fields NullData cache bug_bounty fields: platform null, max_payout_usd null, url null; Immunefi 404 confirmedretrieved 2026-04-28
- venus-protocol-documentation/security-and-audits.mdGitHub security-and-audits.md — only states 'We offer a bug bounty program' with no specificsretrieved 2026-04-28
Methodology #
Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).
See the full factor methodology and distribution across all protocols →