github.com/electroneum/electroneum-sc@v0.0.0-20230105223411-3bc1d078281e/SECURITY.md

github.com/electroneum/electroneum-sc@v0.0.0-20230105223411-3bc1d078281e/SECURITY.md (about)

     1  # Security Policy
     2  
     3  ## Supported Versions
     4  
     5  Please see [Releases](https://github.com/electroneum/electroneum-sc/releases). We recommend using the [most recently released version](https://github.com/electroneum/electroneum-sc/releases/latest).
     6  
     7  ## Audit reports
     8  
     9  Audit reports are published in the `docs` folder: https://github.com/electroneum/electroneum-sc/tree/master/docs/audits 
    10  
    11  | Scope | Date | Report Link |
    12  | ------- | ------- | ----------- |
    13  | `geth` | 20170425 | [pdf](https://github.com/ethereum/go-ethereum/blob/master/docs/audits/2017-04-25_Geth-audit_Truesec.pdf) |
    14  | `clef` | 20180914 | [pdf](https://github.com/ethereum/go-ethereum/blob/master/docs/audits/2018-09-14_Clef-audit_NCC.pdf) |
    15  | `Discv5` | 20191015 | [pdf](https://github.com/ethereum/go-ethereum/blob/master/docs/audits/2019-10-15_Discv5_audit_LeastAuthority.pdf) |
    16  | `Discv5` | 20200124 | [pdf](https://github.com/ethereum/go-ethereum/blob/master/docs/audits/2020-01-24_DiscV5_audit_Cure53.pdf) |
    17  
    18  ## Reporting a Vulnerability
    19  
    20  **Please do not file a public ticket** mentioning the vulnerability. Instead, contact one of the blockchain team directly.
    21  
    22  Please read the [disclosure page](https://github.com/electroneum/electroneum-sc/security/advisories?state=published) for more information about publicly disclosed security vulnerabilities.
    23  
    24  Use the built-in `etn-sc version-check` feature to check whether the software is affected by any known vulnerability. This command will fetch the latest [`vulnerabilities.json`](https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities.json) file which contains known security vulnerabilities concerning `etn-sc`, and cross-check the data against its own version number.
    25  
    26  The following key may be used to communicate sensitive information to developers.
    27  
    28  Fingerprint: `0B8F 5DEE FABF 563F 4D45  A217 CC48 99F1 3749 1B2F`
    29  
    30  ```
    31  -----BEGIN PGP PUBLIC KEY BLOCK-----
    32  
    33  mQGNBGLeZHMBDAC3ptnfWFm6Z7sTS//lpZMxxjxGhTZfeC4770PAjYkWdMSw8uAS
    34  ANvu/BAEOb2g4/nmHQJYqRsuF2+TWapzTFfaaX3VRba7DMJ5Pf6xNYCkP7rIP0X6
    35  BOiqgGFss62RBCKIHjXPFnaJWcOFDPkY8bZ3S9fSugJxRkigncA7XLoG8VF0w3rT
    36  /Z4MqpBjIJLmEImsbfPw6c+eLs7oD2zBuGkI69mot6onDhMpOnE3QqFEPT9ta820
    37  EpZnkksHEBF0YD24vFaGHgAEksYLMQA4igUCGB5UYQg+lebTGQ1eGPcW+qwVmSGw
    38  vGrelBtyxty1j92atxRfCkUQ/YbqBIAB2CECSVok03hHWcZCkf69A4lqui74pgLf
    39  iazfCvYRdcqbBUiuZBj/bNzLuCDnt4bP4l6EJI7LugMsAs+eruhdIJoC0+fgrTYG
    40  0i5bMO4zTuvFWw7Zctz+u02lqfz+xvG8NdMaEIipJNkQwfys4emi+Sj08e8ueFq9
    41  hOt/88F8UKUjlVEAEQEAAbQ9Q2hyaXN0b3BoZXIgQ2hhcmxlcyBIYXJyaXNvbiA8
    42  Y2hyaXMuaGFycmlzb25AZWxlY3Ryb25ldW0uY29tPokBzgQTAQoAOBYhBAuPXe76
    43  v1Y/TUWiF8xImfE3SRsvBQJi3mRzAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
    44  AAoJEMxImfE3SRsvHPoL/3nehlcd7imL+yvVNTuOMciWC+4pIp3EIBhNql6Wy16/
    45  URDTVeyB5ixb1A8Z3Ohdtld0jhE6yGWQ9dR62V2QHBX5D9z3bL2k0fz+49l2v0HA
    46  u2YPRK1LLpaDUN72Lxj++owdBDadpyEFvJ/gq6gs8pLTvuXp/rNEtUN/7VhgCTW+
    47  o1v0ulDmkWGhFcSdbP9RPbNFKHetjbQGu0uQ6FkljKk/O6ZrPIbdPijgSXab2H3c
    48  eJ0qLMFznS3v8bzN/klaZfPAVhVGFt2usdZSdU82UCP8kCNPLcJ3ISWgmwOrAUgh
    49  UW0HgBTRjyODPbDGFparHRwPJbqlkSq1LSMePGQYWyqNzL2HyGv5LYeviZ3sTuYs
    50  LS2GVPmG1VXqTiwILpOBPoIMSWPR0/ugKYNSfE9h6GEeQZsBHbNFlsfrisJztl8X
    51  S2fCMJ9JmPrrjuC0v0UzkfCHqJDHYZzh3+6kHsH6HdrDNybWjn1+FaOVB7ENR+lI
    52  uw/M+NeS/7RmSfprFBtfvrkBjQRi3mRzAQwAs/40LMUxRl9xMcyBYRyzaiUNVJRH
    53  cBcf2VBvr3FnMWS8MTXO+VP0gpqxvtj5nyVwovH+k8XTb9roCCOmcnzbSP+PhXyv
    54  cU4bAi+Q+2hcVWD7lLgWpuCNAbSEBZzmf+k38QrVe+jWq+KSrrbyjIHOdGQq2qGo
    55  3zZ3cHRL/Np1OrJ7/wYtMtZTPAN0/DnBEy88k2zvzMb4VgZdWwRCPMciNqqNGs09
    56  VixVBjBtsjcn6Bd7NBZGyWQRKcl+SJrcs2rA/xkYdlCMfYCH8zngWSIBfc5mslcR
    57  fVCXOAJfGhiP/PAdGXn40zloMH/5hy09XnSi3fMKrAn6A/JnwE8hd3sSJl7aL0mH
    58  guudgGEzFsIaNH1jR9m8T2h2752acqb1rp41GR+7xEiWJo8sQcBrJ97/UZOvDcZT
    59  u39QMvueJyWvghRNJUMf5TUMAdTPDhnTLr8iA7iHstjBzNPnmGey2977zZGEmHn/
    60  tPT0lsqlw8XNmcsCY49mNOkQZirsNc8eH8OBABEBAAGJAbYEGAEKACAWIQQLj13u
    61  +r9WP01FohfMSJnxN0kbLwUCYt5kcwIbDAAKCRDMSJnxN0kbLyLXC/4sHLBubWll
    62  zvSFhyqCqozoppuQ2L+vyiLYjPd33A1JewkVDo2UPjh8RIQVBpBmErXeJf8B8CdC
    63  S4UGqf0MBjUyWQ3m3kk26oMnxDuqfFRKb2uliEAMeOUP2WPvOcZgnv+KMq26yxPc
    64  qQ1z1xm/OZmcZsp6pGp9p6aAmsD+CxL1wksgbWwAo1NXA8k9Q33AK7wHu6eWhjF6
    65  5bKvIDFUUPuJcf37KkP9Pza9THsIJPF49Ub7zSIOFxf565LEDL8EmMBwo7vT/DcX
    66  3U4et+czRkroRP5xRtNMGWo/WX1ig9i8GwJcA3p/5A8k48pKRJHs36NPa91OGvGE
    67  syyrQve++pJspQ8s4vUdv0FyJrCGI6Qg5Zzequ6SpBVBa0kdv/wjxcPOlFpnSitw
    68  h3Hx8StF2+sYYp9b2SrS6aa2/TLXxClRTgYNt15XuaLyT23zF2KpnFFKW2zx06nE
    69  Ijn0ERV9kkA4MvB/37KXIKpEgWgPm7f2NEXR9zNmpuu7b916KmO99q4=
    70  =CE/G
    71  -----END PGP PUBLIC KEY BLOCK-----
    72  ```
    73  
    74  If you find a vulnerability in any of the sister projects of the Electroneum Smart Chain, such as
    75  
    76  - the main Electroneum website (https://electroneum.com/) and it's API (https://api.electroneum.com/);
    77  - the MyElectroneum wallet system (https://my.electroneum.com/);
    78  - the freelancing platform, Anytask (https://www.anytask.com/) and it's API (https://api.anytask.com/);
    79  - the mobile apps, IOS (https://apps.apple.com/us/app/electroneum/id1270774992) and Android (https://play.google.com/store/apps/details?id=com.electroneum.mobile&hl=en_US)
    80  
    81  please report these via **BugCrowd ONLY** (https://bugcrowd.com/electroneum).