Report a Security Issue
At Web3 Foundation (W3F) we encourage responsible security investigation and reporting.
What to Report
Contact us if you have discovered security issues in W3F programs, services, servers, network, or infrastructure.
Out of Scope: W3F websites
How to report
To report a security issue, send an email to security-report@web3.foundation with a description of the issue, including:
- Description of the issue’s potential impact
- The affected resource, e.g. URL, GitHub repo, transaction
- A proof-of-concept that demonstrates the issue, if applicable
Our PGP public key is available here.
Our process
Upon receiving your report, we will evaluate the issue and may reach out to ask for additional information and/or provide you with our assessment. Any reported security issues may be eligible for rewards, depending on their novelty and/or the severity of their impact. Payment of any reward is at the sole and absolute discretion of W3F.