SECURITY.md


Security and Issue Disclosures

In the interest of protecting the security of our users and their funds, we ask that if you discover any security vulnerabilities in the Code Program Library, the clients, the on-chain smart contracts, or the mobile app, you report them using the following procedure. Our security team will review your report. Your cooperation in maintaining the security of our products is appreciated.

⚠️ DO NOT CREATE A GITHUB ISSUE to report a security problem

Security Policy

  1. Reporting security problems
  2. Security Bug Bounties
  3. Scope
  4. Incident Response Process

Reporting security problems in the Code Program Library

Please use this Report a Vulnerability link. Provide a helpful title and detailed description of the problem.

If you haven't done so already, please enable two-factor auth in your GitHub account.

Expect a response as fast as possible in the advisory, typically within 72 hours.

Bounty

Code Inc may offer bounties for critical security issues. Either a demonstration or a valid bug report is all that's necessary to submit a bug bounty. A patch to fix the issue isn't required.

Scope

Only a subset of programs within the Code Program Library repo are deployed to the Mainnet Beta.

Currently, this includes:

If you discover a critical security issue in an out-of-scope program, your finding may still be valuable.

Process

If you do not receive a response in the advisory, send an email to security@getcode.com with the full URL of the advisory you have created. DO NOT include attachments or provide detail sufficient for exploitation regarding the security issue in this email. Only provide such details in the advisory.

If you do not receive a response from security@getcode.com, please follow up with the team directly.