mirror of
https://github.com/status-im/nimbus-eth2.git
synced 2025-01-14 00:29:04 +00:00
d1318fbe96
* part 2 of the initial doc fixes - spelling fixes - grammar fixes - em-dashes should be em-dashes (`—`): double dashes (`--`) are not rendered properly - reduce overusage of em-dashes, some of those should be separate sentences - use the correct syntax for notes, tips and warnings - every sentence is in a separate line (helps with future diffs) - add missing dots at the end of list items - fix some lists * sentences on separate lines in the remaining files
24 lines
993 B
Markdown
24 lines
993 B
Markdown
## Security related issues
|
|
|
|
**For any security related issues, follow responsible disclosure standards.
|
|
Do not file public issues.**
|
|
|
|
Please file a report at the [Ethereum bug bounty program](https://ethereum.org/en/bug-bounty/) in order to receive a reward for your findings.
|
|
|
|
When in doubt, please send an encrypted email to security@status.im and ask ([gpg key](https://github.com/status-im/status-security/blob/master/pgp-keys/security%40status.im.asc)).
|
|
|
|
Security related issues are (sufficient but not necessary criteria):
|
|
|
|
- Soundness of protocols (consensus model, p2p protocols): consensus liveness and integrity.
|
|
- Errors and failures in the cryptographic primitives
|
|
- RCE vulnerabilities
|
|
- Any issues causing consensus splits from the rest of the network
|
|
- Denial of service (DOS) vectors
|
|
- Broken Access Control
|
|
- Memory Errors
|
|
- Security Misconfiguration
|
|
- Vulnerable Dependencies
|
|
- Authentication Failures
|
|
- Data Integrity Failures
|
|
- Logging and Monitoring Vulnerabilities
|