Report a Security Issue

At Web3 Foundation (W3F) we encourage responsible security investigation and reporting.

How to report

To report a security issue send an email to [email protected].
Consider encrypting your message using the PGP key embedded below.

PGP Public Key

			
			-----BEGIN PGP PUBLIC KEY BLOCK-----

			mQINBGBYuMMBEADYRtSIEAW/4g8DAzvSnGWfhf+nZhWApMZXo5tzkXQXpIDYfwQj
			NafLPrQF9Wv5skzR5bZoLvrKL+siYkiqaloCngDtO9i3/JdklanMo9dhKyhI0WY5
			8WYv7i80hznfGYhpIRaj1lHuWxr8dqocQQSfzG1VWdLhsCOILZS0legW2CuXxVpy
			dTl26J8yzmwp9z8xdZZ3B2EV+aFFEmkpxUWPsKINOf10qqQEwQypGaEfWflsSJTf
			bC4sFNalfcdxsnjOgkAhtUvnp4yWomKvERFX7gzeFcflEbgxLZRw715HCg8lHV3s
			cOFh7s+94ndeXG2KHj+GXiBnruWzzLzU4Uw2UUM/EF8Js6vfEqMkb3sR9SH5LDhq
			TWIhiUpclIscXgSd8yAqvV6Rid41dYng2LFtNJpKKURxKxuRK8oA3yEgNODv0Eh2
			jAygf3FwKpZuqtH6uchB8CsXadya0a/lmMR4h8P2UhxWB5rp+704FFFexMexLiZg
			h5r7SDqvCSFxkQOopPJzYcrrNObdPLy7IG+/D0QGVVql7/+KmLMoPlongY2QNSt6
			kP4Ca4Ur3a9a/Wp1uKg39BVKB0h6x0ZjW7KjwL3AjRqvNJFb7cEuI2QsVlk0YbxY
			CxX5trRLfTD5cEtAliWwH30reUil9acj4/oxXkfa/9GATUs05tRemwsY8QARAQAB
			tEFXZWIzIEZvdW5kYXRpb24gU2VjdXJpdHkgUmVwb3J0IDxzZWN1cml0eS1yZXBv
			cnRAd2ViMy5mb3VuZGF0aW9uPokCVAQTAQoAPhYhBE4bIjVIRLov9KXySK6kih3E
			oIunBQJgWLjDAhsDBQkB4TOABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEK6k
			ih3EoIunsqsQAKmIOGcZ+uwMDBdXr0xzs0LWg3Iao3bmSUt8DYmQH2U+jIplv2et
			oygYYoeMK0iL6DcjuLzIft/5qTciOcgs6JaI++mlvS6sAKfm+jykKyZP0xHt6U7w
			cCjwheJjkjAk/5WidTAMT0YKvuhyBvKzmeJNlKVwRTEFlD0014WgJnMSqy5ZUcQ6
			oOta57EIRQKFYAuelHf64qM+hyHMclSinSr6BQd+crDoxGghbmrMOmokhg8N+Z6e
			FTJhHDALg+C0CfhU/cFczaXW3syq/2RnCL53TUd7DgvtjHdC47VLlEIvSGW4wIg+
			iDrOxjqN+1d8FLlvgiH5F521AqP8fUmKSeplFfXH0ph0XerNVliF1iyLjzEiuH1q
			nMyz3exg/pfUbt3Y6omIDpZwJ+htJgMG7/sSfSVHe+rnx+TOJB6IBRsiWZ2cDBxN
			iXpwgHiOY0OqgNMijMezPBd2/QSRWpKwOlqegSNUab13N4hQwBq4on/dQwuPbkRd
			pgMZgUdV58AtZgQ8h3eyUyxR0+uHiOw2JUTR9BKSG3H1truvUAussYUyxKJw4Hwf
			LNTBqdgp7AWpMr9CPVRQgXXYvzJb3XYVobs2KmI2frD0qXesEPlXpxC2r6OGuNi4
			YiWtUS6DgW/Ea3uaD7xQkaRutlHxG0KevLmKWVB3USCiqOlgycLYgqJBuQINBGBY
			uMMBEAC/3reK0Bifmtkgn9Jl+69dMrS4aEFGAPRxFwY2CtjoKOc8GE9wfIVFHqzu
			8PI60Nl1wIWvCxUx2R4lZCDQXedmYuPCMDhfV3gBaRHty2u9zCbCvlhvsDDSbCQj
			uiSSpgEAFcH4RsxzoMPUxm0UGYBMVHFd725Xh/kwo3W1QDay3yuMY4vOflqIfSyZ
			zrTqVpPWqrrbp9sZeOSmKNexUg3yyYZB0tMQMAj+dqT9F1TTEjKuJ3+mOK+JFCoi
			W5jJVl3MTVNvS/TwAPa2IhQF/Xlj2JSl70JoGOm/KxPf8WwRGel8NU68FHbd59OI
			RGhz2H0kGKPqgkSkzP3ywEYuGxSMaxI5lq+RXGmbp5FtlLRBAohukpVN+DeFyRtx
			n6bmWxpLD36HrmGwWQyLlbtMQYhJ9WJfk/32O9k4mbMR0HIpM19zxdrEzPg8HgyE
			pHG8jk5yIo/C1H1boQOipfJHcqP/yglEavSf0TC5PWPXgbtEVg0wixlGr6jYwC7i
			t0B1ARvsMjN96NBAxlev4oVVrC3F2KcAD0VWslafAxEam0dhXJvg55xCaKESQE8/
			EmcGyO7GlYzClkIcN+ZCvWYyDR66d9CT7sRy4zltHIWaJLOuwHx9yrSoa17c9DUi
			T5V78YH3kSmbasrFpOuuGYmM2Q5NRP2+jDKv2EoAfiYdeQsL+QARAQABiQI8BBgB
			CgAmFiEEThsiNUhEui/0pfJIrqSKHcSgi6cFAmBYuMMCGwwFCQHhM4AACgkQrqSK
			HcSgi6chUA//ReKKRibZnK6UG0A8/OChcPY9yx7y5eQFX4qBdjX5xK7cidxcvEaq
			wKm82kipfIYpSTCZOBzdjVUY5J20bkYGb977dhqiqtfxOeaBZ1tJHbZD85bWNTu+
			gq+1nOah97nPgzkyDiaqcqKl62jxQX9AIgJsST7ajGcDK1J04nP1GY+mdISA56C7
			KxnQzRSOvSpAOwQb5LZZrP5ohpN1eHtrtX2Nf18v5i7e936YPKeLJSp3cv9j1Q04
			iacKvK4dzgoc0v4eih444dEP7PkdA/7JEGn2ib454QyUpKxqPo4rgGsGUPNdzWaD
			x6Ppn6K9VqkgUokRh15o8MRuwxBy5VkSLgdgaGW3OpTWY7YF4F2u4nV5HyOnpgOc
			9mM2R8I0PRinJBYG/oTGUnMNmfzmi4Ho23nvTEI3M7G3dUVcORzdJOpQML6vERAq
			HTsaGMfR0WcafWuZDcgm7LJ5jRtREddUY1D9LG7HQGDsA0iYgtH19yHT3InLhG/r
			O3eL8Gdl84EXpDw5fTkT1phqscdtQIYOiyLXEa0/Ypk9L+NK+tNyZw52b4stjBvh
			RAyfB1COpuvEqhH5b6Lqi7n2rFjCnhehhUC3aiki8O4921Fv07L1Mn/3OJnzB5Rg
			g1aO9eSNrp8GR8gkI04QJ9i7KCdU/cOw6ysnlDydA99I9hDqTXuzPRM=
			=9/h/
			-----END PGP PUBLIC KEY BLOCK-----
			
		

To facilitate reproduction of reported issues, we encourage you to include the following information if possible:

  • Description of the issue
  • Description of the issue’s potential security impact
  • The affected resource. e.g. URL, GitHub code snippet, transaction
  • Ideally a proof-of-concept that demonstrates the issue

Our process

Upon receiving your report, W3F will assess the issue and reach out to ask for additional information and/or provide assessment. Any reported security issues may be eligible for rewards depending on W3F’s determination of their novelty and the severity of their potential impact.