ShapeShift DAO Documentation
Search…
ShapeShift DAO
How to Contribute
Complete Bounties
Add Features
Offer Bounties
Bugs
General Information
Platform Overview
Branching
Security
Release Process
Web
Unchained
Engineering
Roles & Responsibilities
Open Source Project Repositories
HDWallet
Unchained
Web
Lib
Careers
Careers
Powered By GitBook
Security
At ShapeShift, we take security seriously. We encourage independent security researchers to contact us in order to privately report security vulnerabilities or issues. The information on this page is intended for those security researchers that are interested in reporting security vulnerabilities directly to the ShapeShift security team.

Reporting a Vulnerability

If you would like to disclose a vulnerability to ShapeShift, we encourage you to email [email protected] Please include the following information in your email:
  • Your name, nickname, handle, or what you’d like to be called while we communicate with you
  • The date/time you first identified the vulnerability
  • How you identified the vulnerability
  • As much detail about the vulnerability as you can
  • Any additional information you feel may be pertinent

Report Lifecycle

After you make a report, we will work with you to confirm it and assess its impact. Once we've been able to confirm the issue, we'll work to remediate it. We ask that you keep your report confidential for 90 days after you make it, to give us a chance to remediate the issue and protect our users.
After we have fixed the issue -- or after 90 days, whichever comes first -- we will release a summary of the issue you reported and any remediation steps we've taken, and you are free to publish.

COMSEC

If you would like to encrypt your vulnerability report, please use the following GPG key.
Security Workstream GPG Key
General Information - Previous
Branching
Next - Release Process
Web
Last modified 2mo ago
Copy link
Edit on GitHub
Contents
Reporting a Vulnerability
Report Lifecycle
COMSEC