## Security related issues

**For any security related issues, follow responsible disclosure standards. Do not file public issues.**

*Please file a report at the Ethereum [bug bounty program](https://ethereum.org/en/bug-bounty/) in order to receive a reward for your findings.*

*When in doubt, please send an encrypted email to security@status.im and ask ([gpg key](https://github.com/status-im/status-security/blob/master/pgp-keys/security%40status.im.asc)).*

*Security related issues are (sufficient but not necessary criteria):*

- Soundness of protocols (consensus model, p2p protocols): consensus liveness and integrity.
- Errors and failures in the cryptographic primitives
- RCE vulnerabilities
- Any issues causing consensus splits from the rest of the network
- Denial of service (DoS) vectors
- Broken Access Control
- Memory Errors
- Security Misconfiguration
- Vulnerable Dependencies
- Authentication Failures
- Data Integrity Failures
- Logging and Monitoring Vulnerabilities