To report any vulnerabilities, please contact us using this info:
- Email:
y@kuhi.to - Keybase: yakuhito_chia
- Twitter: yakuh1t0
A public prize pot is kept at xch1z7858gvuwpm9tsqdevaf9nemvmragszhv76tpe3v7q9awhl8uyaqc47p9q (SpaceScan; XCHScan). We reserve the right to decide whether a vulnerability report should be awarded or not, as well as the exact amount to be awarded on a case-by-case basis.
Generally, we will award critical issues that would break the protocol or the bridge apps contained in this repository. For example, it's likely that a vulnerability that allows someone to unlock (unwrap) more XCH than they are supposed to will receive a bounty. Likewise, an issue that allows a message to be relayed twice will also (most probably) be awarded.
Scope:
- Chialisp in this repository (for the cross-chain messaging protocol, as well as for the two bridges)
- Validator code
- Solidity code (only after 1st audit is announced and finished)