Skip to content

Security: acheroncrypto/solana-program-library

Security

SECURITY.md

Security Policy

  1. Reporting security problems
  2. Security Bug Bounties
  3. Scope
  4. Incident Response Process

Reporting security problems to Solana

DO NOT CREATE AN ISSUE to report a security problem. Instead, please send an email to [email protected] and provide your github username so we can add you to a new draft security advisory for further discussion.

Expect a response as fast as possible, typically within 72 hours.

Security Bug Bounties

We offer bounties for critical security issues. Please see the Solana Security Bug Bounties for details on classes of bugs and payment amounts.

Scope

Only a subset of programs within the Solana Program Library repo are deployed to mainnet-beta and maintained by the team. Currently, this includes:

If you discover a critical security issue in an out-of-scope program, your finding may still be valuable.

Many programs, including token-swap and token-lending, have been forked and deployed by prominent ecosystem projects, many of which have their own bug bounty programs.

While we cannot guarantee a bounty from another entity, we can help determine who may be affected and put you in touch the corresponding teams.

Incident Response Process

In case an incident is discovered or reported, the Solana Security Incident Response Process will be followed to contain, respond and remediate.

There aren’t any published security advisories