DISCLOSURE_POLICY.md
Responsible Disclosure Policy

doged takes security very seriously. We greatly appreciate any and all disclosures of bugs and vulnerabilities that are done in a responsible manner. We will engage with responsible disclosures according to this policy and put forth our best effort to fix disclosed vulnerabilities, as well as to reach out to numerous node operators to deploy fixes in a timely manner.

Responsible Disclosure Guidelines

Do not disclose any bug or vulnerability on public forums, message boards, mailing lists, etc. prior to responsibly disclosing to doged and giving sufficient time for the issue to be fixed and deployed. Do not execute on or exploit any vulnerability. This includes testnet, as both mainnet and testnet exploits are effectively public disclosure. Regtest mode may be used to test bugs locally.

Reporting a Bug or Vulnerability

When reporting a bug or vulnerability, please provide the following to [email protected]:

  • A short summary of the potential impact of the issue (if known).
  • Details explaining how to reproduce the issue or how an exploit may be formed.
  • Your name (optional). If provided, we will provide credit for disclosure. Otherwise, you will be treated anonymously and your privacy will be respected.
  • Your email or other means of contacting you.

Disclosure Relationships

Neighboring projects may be affected by bugs, potential exploits, or other security vulnerabilities that are disclosed to doged. We will pass along to those projects information regarding disclosures that we believe could impact them. We are disclosing these relationships here:

Bounty Payments

doged cannot commit to bounty payments ahead of time. However, we will use our best judgement and do intend to reward those who provide valuable disclosures (with a strong emphasis on disclosures that are easy to read and reproduce).