Reporting Security Vulnerabilities
A security vulnerability is a set of conditions in the design, implementation, operation or management of a product or service. Vulnerabilities render the product or service unable to prevent an attack resulting in exploitations such as disrupting operation or compromising data.
Block.one believes in the value of ethical hacking.
We have set up a bug bounty program with BugCrowd where we invite you to submit potential security vulnerabilities in block.one assets. We currently have two programs across EOSIO Software and the broader block.one
We have and will continue to give credit and make bounty payments in accordance to the program rules. Block.one Information Security, in its sole discretion, will make the final decision about granting, refusing, and publishing credits, as well as their form and content.
We will refuse credit and bounty where researchers do not otherwise behave responsibly and ethically. This includes an absolute requirement to participate in responsible disclosure.
If you have any further questions or would like to get in touch with a cybersecurity representative please contact VulnerabilityReporting@block.one. If you have sensitive information you can encrypt with our public PGP key.