If you believe you’ve discovered a bug or security vulnerability in one of Liquid Collective protocols, products or services, please report it to Liquid Collective team by email at security@liquidcollective.io.
An acknowledgement of receipt will be given within 1 business day.
The vulnerability must be disclosed to Liquid Collective team, through email channel only, and not be disclosed publicly or to any other person, entity or communication channel before Liquid Collective has been notified, has fixed the issue, has released an update to the concerned service and has granted permission for public disclosure.
Any vulnerability or bug in any deployed Liquid Collective protocols and products.
Please provide as much information about the vulnerability as possible, including:
- Location of the vulnerability
- The conditions on which reproducing the vulnerability is contingent
- The detailed description of the steps to reproduce the bug or vulnerability
- The potential impacts of the vulnerability being abused
While investigating a vulnerability we encourage reporters to please
- Not engage in any activity that would be disruptive or damaging to Liquid Collective users
- Make a good faith effort to avoid privacy violations, destruction of data, interruption or degradation of any of Liquid Collective services
- Only use the identified communication channel to report vulnerability information to Liquid Collective team
- Not publicize a vulnerability in any way, before Liquid Collective team has granted permission for public disclosure
Thank you for participating in making the Liquid Collective protocol safer and more secure!
We are currently designing our bug bounty program, which will aim to reward responsible bug and vulnerability disclosure. Any bug or vulnerability reported today that will be eligible under our bug bounty program will be included with retroactive effect.