If you believe you have found a security vulnerability in the Interchain Stack, you can report it to our primary vulnerability disclosure channel, the Cosmos HackerOne program.
Note
The ibc-rs is NOT part of the rewards program. Any issues reported for
ibc-rs are not eligible for bounty rewards.
If you prefer to report an issue via email, you may send a bug report to [email protected] with the issue details, reproduction, impact, and other information. Please submit only one unique email thread per vulnerability.
Artifacts from an email report are saved at the time the email is triaged. Please note: our team cannot monitor dynamic content (e.g. a Google Docs link that is edited after receipt) throughout the lifecycle of a report. If you would like to share additional information or modify previous information, please include it in an additional reply as an additional attachment.
Please DO NOT file a public issue in this repository to report a security vulnerability.
For the most up-to-date version of the policies that govern vulnerability disclosure, please consult the HackerOne program page.
The policy hosted on HackerOne is the official Coordinated Vulnerability Disclosure policy and Safe Harbor for the Interchain Stack, and the teams and infrastructure it supports, and it supersedes previous security policies that have been used in the past by individual teams and projects with targets in scope of the program.