Please see Releases. We recommend to use the most recent released version.
The following actions: will disqualify you from eligibility under our forthcoming bug bounty program:
- File a public ticket mentioning the vulnerability
- Test the vulnerability on the mainnet or testnet
Please email us at security@optimism.io. We appreciate detailed instructions for confirming the vulnerability.
We will be launching a bounty program very soon, focused primarily on our deployed smart contracts. Any vulnerability reports received prior to the launch of this program will be considered for a payout within that program.
The following key may be used to communicate sensitive information to developers.
Fingerprint: AF4B 924E 3D03 E7B9 AB95 25E5 D3CD 8BD7 64AC E995
-----BEGIN PGP PUBLIC KEY BLOCK-----
mFIEXnlZUhMIKoZIzj0DAQcCAwQhuVLb3ZGRJ/EpcvO/02F1PNpcuT6tIw5BhHdt
xc97gENYp6XrhtemC51M6/igxITiSIhwRvUjuVenVo/fww6RtCVNYXJrIFR5bmV3
YXkgPG1hcmsudHluZXdheUBnbWFpbC5jb20+iIAEExMIABwFAl55WVICCwkCGwME
FQgJCgQWAgMBAheAAh4BABYJENPNi9dkrOmVCxpUUkVaT1ItR1BHrDoA/00pjZ58
d0DoAmQs8Qnytkwyiewk+l5gUwGGgL1PzXj1AP9VPARuoWOMMlxItVExaTmD0y6e
a1rc21ANUAoBa53T77hWBF55WVISCCqGSM49AwEHAgME+UsSeTWeDdE1MJjJwZKS
xGHLkzRp5gcL9i1qETII3mVAQwIx+vZ/vn2XsXGBgLSoGQLIEDix8wKPbc77G8MR
LQMBCAeIbQQYEwgACQUCXnlZUgIbDAAWCRDTzYvXZKzplQsaVFJFWk9SLUdQR+4Q
AP4gAyKnTCX7xRn6JxSsreiihfqJ9GyEz7eYYobg5m4J8AD/TNlbgcARCIc28BEy
uTRoTkujtMVATibXMnY7++xRXbc=
=Q/dE
-----END PGP PUBLIC KEY BLOCK-----
Copy the above key to a file and use the command gpg --import <file> to import the key into the gpg keyring.