Skip to content

Security: synapsecns/sanguine

SECURITY.md

Security Policy

Overview

The security of Synapse Protocol is paramount. To standardize and encourage the discovery of bugs, the following outlines how to report bugs found in Synapse Protocol, sanguine, or any related code base. The program enables community members to submit reports of "bugs" or vulnerabilities for a chance to earn rewards. The program aims to incentivise responsible disclosure and enhance the security of Synapse Protocol.

Bounties are allocated on an ad hoc basis, and depend on the legitimacy, risk level, and other variables.

Reporting a Vulnerability

All bug disclosures should be disclosed privately to a member of Synapse Labs. This can be done in the following ways:

  1. Open up a ticket in the Synapse Discord
  2. Reach out to a core team member privately on Telegram

The Wrong Way to Disclose

Please exercise prudence when disclosing a bug. The following actions are the wrong way to disclose a bug:

  • Filing a public ticket mentioning the vulnerability
  • Testing the vulnerability on mainnet or testnet
  • Sharing the bug on a public channel

Other Vulnerabilities

For vulnerabilities in any of our websites, email servers, or other non-critical infrastructure, please reach out through one of the channels above. We and Labs appreciate detailed instructions outlining the vulnerability.

Other Terms

The decisions made regarding rewards are final and binding. By submitting your report, you grant Synapse Labs any and all rights, including without limitation intellectual property rights, needed to validate, mitigate, and disclose the vulnerability. All reward decisions, including eligibility for and amounts of the rewards and how such rewards will be paid, are made at the sole discretion of Synapse Labs. Terms and conditions of the Program may be altered at any time. Synapse Labs may change or cancel this Program at any time, for any reason.

There aren’t any published security advisories