We appreciate your time and effort in responsibly reporting any security vulnerabilities you may find on our blockchain or in the related tooling.
Please write an email to security@concordium.com.
Do not create a public bug ticket mentioning the vulnerability or discuss it publically before we got the chance to fix it and coordinate disclosure.
Your mail report should include the following information:
- description of the vulnerability
- clear steps to reproduce
- potential impact
- attack scenario (if any)
- affected components
- github username
We encourage you to use our public key when sending sensitive information.
You'll receive a first response to your email after one working day. If applicable, a new security advisory will be opened and all further communication will proceed there with you as invited collaborator.
Before writing to us, please check out of scope and previously published security advisories.
🙏 Thank you 🙏
- Concordium websites https://concordium.com/ and https://developers.concordium.com/ and other infrastructure such as email
- Concordium Node Dashboard UI
- Concordium Network Dashboard UI
We may reward reports of critical or high severity.
-----BEGIN PGP PUBLIC KEY BLOCK-----