defirisk.co
rubric v1.7.0

Prior known-ignored disclosure

Wormhole's assessment for RD-F-177 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

- Finding: NO evidence found. The Feb 2022 exploit had an unusual aggravating factor: a fix for the exact vulnerability had been committed to the public Wormhole GitHub repo but had not yet been deployed to mainnet. This is not a "known-ignored disclosure" in the sense of a reporter flagging the bug and being dismissed — it appears to be a deployment gap (commit merged but not yet pushed to mainnet). The attacker may have found the bug by reading the undeployed diff. This is a significant pro...

Sources #

  • Curator note
    Extracted from 05-ops-history.md — RD-F-177; no URL cited in originalretrieved 2026-04-28

Methodology #

Determine whether evidence exists in prior-incident post-mortems that a disclosed vulnerability was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol wormhole factor RD-F-177 score gray collected_at 2026-04-28 01:38:43