If you discover a security vulnerability in any Monolythium ecosystem product, please report it through our official bug bounty platform:
https://issues.monolythium.com
- Visit issues.monolythium.com and connect your wallet
- Select the affected product and describe the vulnerability
- Include steps to reproduce, impact assessment, and any proof of concept
- We will acknowledge your report within 7 business days
- Valid findings are eligible for LYTH token rewards based on severity
- We will work with you to understand and resolve the issue
We will not pursue legal action against individuals who conduct security research in good faith and in compliance with our Bug Bounty Policy. Activities conducted consistent with this policy constitute authorized conduct under the Computer Fraud and Abuse Act (CFAA) and equivalent international laws.
- Test on testnet only — all contracts are deployed 1:1 on testnet and mainnet
- Do not access, modify, or exfiltrate user data or funds
- Do not perform denial-of-service attacks
- Do not use social engineering against team members or users
- Report vulnerabilities promptly and do not disclose publicly before a fix is deployed or 90 days have passed
All products in the Monolythium ecosystem are in scope, including smart contracts, wallets (browser, desktop, mobile), web applications (MonoHub, Monoscan, MonoPlay), backend services, and documentation.
For full details, see our Bug Bounty Program.