CVE/GHSA advisory issued against protocol

Wormhole's assessment for RD-F-178 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

- Finding: NO confirmed CVE or GHSA identifier was found for Wormhole's 2022 exploit or the uninitialized proxy vulnerability. Web search returned no CVE/GHSA entries against `wormhole-foundation/wormhole`. The 2022 exploit is documented in third-party security analyses (Halborn, Chainalysis, etc.) and the Immunefi write-up, but not in NIST NVD or GitHub Advisory Database with a formal identifier. For a $320M exploit, the absence of a CVE entry is notable but not penalized under RD-F-178 (thi...

Sources #

URL
https://extropy-io.medium.com/solanas-wormhole-hack-post-mortem-analysis-3b68b9e88e13retrieved 2026-04-28
URL
https://www.halborn.com/blog/post/explained-the-wormhole-hack-february-2022retrieved 2026-04-28
URL
https://immunefi.com/bug-bounty/wormhole/information/retrieved 2026-04-28
URL
https://www.chainalysis.com/blog/wormhole-hack-february-2022/retrieved 2026-04-28
URL
https://medium.com/immunefi/wormhole-uninitialized-proxy-bugfix-review-90250c41a43aretrieved 2026-04-28

Methodology #

Determine whether a CVE, GHSA, or equivalent public advisory has been issued against this protocol or its code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol wormhole factor RD-F-178 score gray collected_at 2026-04-28 01:38:43