SECURITY.md
Lines changed: 5 additions & 13 deletions
@@ -6,30 +6,22 @@ Category Labs engages third party audit firms to conduct independent security au
6
6
As these third party audits are completed and issues are sufficiently addressed, we make those audit reports public. Audits can be found in the [monad-audits](https://github.com/category-labs/monad-audits) repository.
7
7
8
8
## Reporting a Vulnerability
9
-
We are committed to maintaining the security and integrity of our codebase and appreciate the security research community’s efforts in helping us achieve this goal. If you believe you have discovered a security vulnerability in our codebase, we encourage responsible disclosure through the process outlined below.
9
+
We are committed to maintaining the security and integrity of our codebase and appreciate the security research community’s efforts in helping us achieve this goal. If you believe you have discovered a security vulnerability in our codebase, we encourage responsible disclosure.
10
+
11
+
Please follow the disclosure requirements listed in the [public Cantina bug bounty](https://cantina.xyz/code/31f19cea-dda2-4568-8f99-27dafd120c97/overview)_to be considered eligible for a bug bounty_.
10
12
11
13
**DO NOT** report critical security vulnerabilities through public channels, including GitHub issues or public forums.
12
14
13
-
**Instead, email us at: security@category.xyz with “VULNERABILITY: “ in the subject line.**
15
+
**For other security-related reports, you may email us at: security@category.xyz.**
14
16
15
17
Please include the following information in your report:
16
18
17
19
- Detailed description of the vulnerability
18
20
- Step-by-step reproduction instructions
19
21
- Assessment of potential security impact and exploitation scenarios
20
-
- Proof-of-concept code or exploit demonstration (if possible)
22
+
- Proof-of-concept code or exploit demonstration (if applicable)
21
23
- Your preferred contact information for follow-up communications
22
24
23
-
Submissions must include a proof-of-concept or they will be rejected without review.
24
-
25
-
### Responsible Disclosure Policy
26
-
We adhere to industry-standard responsible disclosure principles and request that researchers do the same.
27
-
28
-
1. Vulnerabilities should be submitted through private channels to our security team
29
-
2. Allow reasonable time for investigation, validation, and remediation
30
-
3. Mutual coordination on public disclosure timelines
31
-
4. Confidentiality until patches are deployed and disclosure is authorized
32
-
33
25
### Scope Limitations
34
26
35
27
The following issues are considered outside the scope of our vulnerability disclosure program:
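Review bot: The unchanged "**DO NOT** report critical security vulnerabilities through public channels" paragraph no longer says where a critical report should go, because the removed "Instead, email us at: ..." line is replaced by one that covers only "other security-related reports". The Cantina sentence added above it is framed as a bounty eligibility condition rather than as the reporting channel, so a reader has to infer it. Consider following the DO NOT paragraph with an explicit instruction that vulnerability reports go through the linked Cantina bounty, and stating whether the "Please include the following information in your report:" list applies to Cantina submissions, to email reports, or to both. With the "Responsible Disclosure Policy" section deleted, this file also no longer states any expectation about confidentiality or coordinated disclosure timing; if those terms now live only on the Cantina page, a one-line pointer saying so would keep that visible here. Minor: in the added Cantina line there is no space between the closing parenthesis of the link and "_to be considered eligible for a bug bounty_", so the italic text runs straight into the link text.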