Reporting Security Vulnerabilities
A security vulnerability is a set of conditions in the design, implementation, operation or management of a product or service. Vulnerabilities render the product or service unable to prevent an attack resulting in exploitations such as disrupting operation or compromising data.
Block.one believes in the value of ethical hacking. We are currently in the process of relaunching our bug bounty program – updates will be coming in the near future. In the interim if you find a potential security vulnerability in block.one assets, products or services including EOSIO you can report it by emailing us at VulnerabilityReporting@block.one.
We will give credit and make bounty payments in accordance to the new program rules when launched. We will make good faith efforts to apply those new rules to reports received during this interim period when able. Block.one Information Security, in its sole discretion, will make the final decision about granting, refusing, and publishing credits, as well as their form and content. We will refuse credit and bounty where researchers do not otherwise behave responsibly and ethically. This includes an absolute requirement to participate in responsible disclosure.
If you have any further questions or would like to get in touch with a cybersecurity representative please contact VulnerabilityReporting@block.one. If you have sensitive information you can encrypt with our public PGP key.