Report a Security Issue
At Web3 Foundation (W3F) we encourage responsible security investigation and reporting.
How to report
To report a security issue send an email to security-report@web3.foundation.
Consider encrypting your message using the PGP key embedded below.
To facilitate reproduction of reported issues, we encourage you to include the following information if possible:
- Description of the issue
- Description of the issue’s potential security impact
- The affected resource. e.g. URL, GitHub code snippet, transaction
- Ideally a proof-of-concept that demonstrates the issue
Our process
Upon receiving your report, W3F will assess the issue and reach out to ask for additional information and/or provide assessment. Any reported security issues may be eligible for rewards depending on W3F’s determination of their novelty and the severity of their potential impact.