code.vegaprotocol.io/vega@v0.79.0/SECURITY.md

code.vegaprotocol.io/vega@v0.79.0/SECURITY.md (about)

     1  # Security Policy
     2  
     3  ## Supported Versions
     4  
     5  Please see [Releases](https://github.com/vegaprotocol/vega/releases). We recommend mainnet node operators use only the [most recently released version](https://github.com/vegaprotocol/vega/releases/latest).
     6  
     7  ## Audit reports
     8  
     9  | Scope | Date | Report Link |
    10  | ------- | ------- | ----------- |
    11  | `MultisigControl` | 20220513 | [pdf](https://github.com/vegaprotocol/MultisigControl/blob/develop/audit/2022-05-23_MultiSigControl_Decentralised_Limits_v2-0.pdf.pdf) |
    12  | `Vega_Token_V2` | 20210823 | [pdf](https://github.com/vegaprotocol/Vega_Token_V2/tree/main/audit/2021-08-23_ERC20_Vesting.pdf)
    13  
    14  ## Reporting a Vulnerability
    15  
    16  **Please DO NOT file a public ticket** mentioning the vulnerability. This is especially important for vulnerabilities that may result in loss or freezing of assets and those that may cause degradation or outages of the network.
    17  
    18  To find out how to disclose a vulnerability in Vega visit the [bug bounties](https://vega.xyz/bug-bounties) page or email security@vegaprotocol.io. 
    19  
    20  Please read the [disclosure page](https://github.com/vegaprotocol/vega/security/advisories?state=published) for more information about publicly disclosed security vulnerabilities.
    21  
    22  The following key may be used to communicate sensitive information to the project team.
    23  
    24  
    25  ```
    26  -----BEGIN PGP PUBLIC KEY BLOCK-----
    27  
    28  mDMEZJBtihYJKwYBBAHaRw8BAQdAnoV3CXhVkzH4SWA9C9t5kQOniW3RLSpYMGKa
    29  4v4TqjO1AVVWZWdhUmVwb3J0IChWZWdhLVByb3RvY29sIFNlY3VyaXR5IElzc3Vl
    30  IFJlcG9ydGluZyBrZXkuIFRoaXMga2V5IGlzIG9ubHkgdXNlZCB0byBhbGxvdyBm
    31  b3IgZW5jcnlwdGVkIGNvbW11bmljYXRpb24gb24gc2VjdXJpdHkgaXNzdWVzIHdp
    32  dGggdGhlIHRlYW0sIGFuZCBpcyBuZXZlciB1c2VkIHRvIHNpZ24gYW55dGhpbmcg
    33  bWVhbmluZ2Z1bC4gSXQgYWxzbyBtYXkgYmUgcmV2b2tlZCBhdCBhbnkgdGltZTsg
    34  cGxlYWUgY2hlY2sgdGhlIHdlYnNpdGUgYXQgdmVnYS54eXogYXMgdGhlIGF1dGhv
    35  cmF0aXZlIHNvdXJjZSBvZiB0aGUgY3VycmVudGx5IHVzZWQga2V5LikgPHNlY3Vy
    36  aXR5QHZlZ2EueHl6PoiZBBMWCgBBFiEEDmwoUh14HTF+GTIYbn2QYotPYZMFAmSQ
    37  bYoCGwMFCQPCZwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQbn2QYotP
    38  YZNYIwEA1Qu6MZcb5RqotV8dlodFxp9s1CL5jqHO0mq+yvyyUu8BAP1hKuhdTN35
    39  MmAf5jCXD+kCv9UkBAdkJ3Mux7v4+D8KuDgEZJBtihIKKwYBBAGXVQEFAQEHQGop
    40  lH9egLg4MU30OINhdDw1nz1N8/Ocw78a/KNi+mUvAwEIB4h+BBgWCgAmFiEEDmwo
    41  Uh14HTF+GTIYbn2QYotPYZMFAmSQbYoCGwwFCQPCZwAACgkQbn2QYotPYZPdgAEA
    42  gHy/18LW+Yn//ddY6+2hCGhLzGDh5D5jSoLcD8/UGPoBAJezJQFgQuPZ0buIBrSh
    43  UGCir7aOk4/aTC1UAg0+8w8F
    44  =KKVZ
    45  -----END PGP PUBLIC KEY BLOCK-----
    46  ```