We consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.
DO NOT report security vulnerabilities through public GitHub issues. Instead, please use one of the following means of communication to report them to us:
- Report through our Linea Immunefi program or
- Email us at [email protected] with details about the security issue.
Please provide the following details in your email:
- Description of the vulnerability
- Steps to reproduce the vulnerability
- Versions affected
- Any potential mitigations or workarounds you've identified
A responsible disclosure policy helps protect users of the project from publicly disclosed security vulnerabilities without a fix by employing a process where vulnerabilities are first triaged in a private manner, and only publicly disclosed after a reasonable time period that allows patching the vulnerability and provides an upgrade path for users.
When you contact us directly via email, we will make our best efforts to respond within a reasonable time and resolve the issue. When you report through a security program, its disclosure policy will provide details on time-frames, processes and paid bounties.
We kindly ask you to refrain from malicious acts that put our users, the project, or any of the project's team members at risk.
Linea risk disclosures can be found at:
- Linea docs - https://docs.linea.build/risk-disclosures
- Linea Immunefi program - https://immunefi.com/bounty/linea/
This security policy applies to the code, libraries, and configurations within this repository. This includes any code or components that are part of the repository or its dependencies.
- Plonk Verifier: https://consensys.io/diligence/audits/private/re9fdlhtjn7jfr/
- Message Service & Rollup: https://consensys.io/diligence/audits/private/zxi4edywq3d1zr/
- Canonical Token Bridge: https://consensys.io/diligence/audits/private/nzqt1bai7j8ryf/