Security: elvismircan/composable

Security Policy

At Composable Finance we always strive to write secure and stable code. If you have found a critical bug or a security vulnerability, you can simply report your findings to us.

Reporting a Vulnerability

When you report a security vulnerability, please include:

  • Description of the findings
  • Platform (operating system and Rust version)
  • Reproducible code sample (make the vulnerability easy to reproduce)
  • Type, severity and impact of the vulnerability
  • Name to be credited if the vulnerability makes it to an official vulnerability advisory

The more information you provide the better. We recommend submitting a report where you describe the vulnerability, show us how you found it and provide reproducible code samples. Providing mitigation advice is also recommended.

Responsible Disclosure

We encourage responsible disclosure of security vulnerabilities by providing a legal safe harbor. In return, we ask you not to publicly disclose your findings until either 2 weeks have passed or the bugs have been acknowledged and fixed.

Scope:

What is currently in scope is finding bugs in our code base running in a local environment.
Exploiting production systems is strictly prohibited.

Rewards

Rewards are granted depending on the severity of the vulnerability, ranging from $50 to $30.000, paid out in PICA tokens.

There aren’t any published security advisories