In the interest of protecting the security of our users and their funds, we ask that if you discover any security vulnerabilities in the Code Program Library, the clients, the on-chain smart contracts, or the mobile app, you report them using the following proceedure. Our security team will review your report. Your cooperation in maintaining the security of our products is appreciated.
Please use this Report a Vulnerability link. Provide a helpful title and detailed description of the problem.
If you haven't done so already, please enable two-factor auth in your GitHub account.
Expect a response as fast as possible in the advisory, typically within 72 hours.
Code Inc may offer bounties for critical security issues. Either a demonstration or a valid bug report is all that's necessary to submit a bug bounty. A patch to fix the issue isn't required.
Only a subset of programs within the Code Program Library repo are deployed to the Mainnet Beta.
Currently, this includes:
If you discover a critical security issue in an out-of-scope program, your finding may still be valuable.
If you do not receive a response in the advisory, send an email to security@getcode.com with the full URL of the advisory you have created. DO NOT include attachments or provide detail sufficient for exploitation regarding the security issue in this email. Only provide such details in the advisory.
If you do not receive a response from security@getcode.com please followup with the team directly.