IMPORTANT: If you find a security issue, you can contact our team directly at security@interchain.berlin, or report it to our bug bounty program on HackerOne. DO NOT open a public issue on the repository.
As part of our Coordinated Vulnerability Disclosure Policy, we operate a bug bounty program with Hacker One.
See the policy linked above for more details on submissions and rewards and read this blog post for the program scope.
The following is a list of examples of the kinds of bugs we're most interested in for the IBC Golang repository. Please refer to the corresponding repositories for vulnerabilities on the Cosmos SDK and Tendermint repositories.