Report a Security Issue

At Web3 Foundation (W3F) we encourage responsible security investigation and reporting.

How to report

To report a security issue send an email to security-report@web3.foundation.
Consider encrypting your message using the PGP key embedded below.

To facilitate reproduction of reported issues, we encourage you to include the following information if possible:


  • Description of the issue
  • Description of the issue’s potential security impact
  • The affected resource. e.g. URL, GitHub code snippet, transaction
  • Ideally a proof-of-concept that demonstrates the issue

Our process

Upon receiving your report, W3F will assess the issue and reach out to ask for additional information and/or provide assessment. Any reported security issues may be eligible for rewards depending on W3F’s determination of their novelty and the severity of their potential impact.