At Composable, we are always striving towards writing secure and stable code. If you have found a critical bug or a security
vulnerability, you can simply report your findings to us.
When you report a security vulnerability please include:
- Description of the findings
- Platform(operating system, and rust version)
- Reproducible code sample(Make the vulnerability easy to reproduce)
- Type, Severity and impact of Vulnerability
- Name to be credited if the vulnerability makes it to an official vulnerability advisory
The more information you provide the better. We recommend submitting a report where you describe the vulnerability, show us how you found it and provide reproducible code samples. Providing mitigation advice is also recommended.
The report should be submitted to security@composable.finance.
We are encouraging responsible disclosure of security vulnerabilities by providing a legal safe harbor. In return, we ask you to not publicly disclose your findings until either 2 weeks of time has passed or after the bugs have been acknowledged and fixed.
What is currently in scope is finding bugs in a our code base running in a local environment. Exploiting production systems is strictly prohibited
Rewards are granted depending on the severity of the vulnerability, payed out in PICA tokens.