nimbus-eth2/docs/the_nimbus_book/src/security_issues.md

Security related issues

For any security related issues, follow responsible disclosure standards. Do not file public issues.

Please file a report at the ethereum bug bounty program in order to receive a reward for your findings.

When in doubt, please send an encrypted email to security@status.im and ask (gpg key).

Security related issues are (sufficient but not necessary criteria):

• Soundness of protocols (consensus model, p2p protocols): consensus liveness and integrity.
• Errors and failures in the cryptographic primitives
• RCE vulnerabilities
• Any issues causing consensus splits from the rest of the network
• Denial of service (DOS) vectors
• Broken Access Control
• Memory Errors
• Security Misconfiguration
• Vulnerable Dependencies
• Authentication Failures
• Data Integrity Failures
• Logging and Monitoring Vulnerabilities