Security is an ongoing process. This page explains how to report vulnerabilities, what to expect during triage, and how we coordinate fixes and disclosures.
We ask researchers to report issues privately and give us time to verify, remediate, and communicate changes responsibly.
If you act in good faith and follow the policy guidelines, we aim to support responsible research and avoid adversarial outcomes.
Where appropriate, fixes and learnings are shared after remediation so the ecosystem can benefit from improved security posture.
Send reports to security@paxeer.app. Include proof of concept details when safe to do so, and avoid public disclosure until we coordinate a timeline.
Email a clear write-up, reproduction steps, and impact assessment to our security address. Include affected components and any constraints for testing.
We validate the issue, assess severity, and coordinate next steps. We may ask follow-up questions to confirm scope and impact.
We prioritize a safe fix, coordinate timelines, and align on disclosure. For critical issues, we focus on minimizing user risk while changes roll out.
After a fix is available, we coordinate a public write-up when appropriate, credit researchers (if desired), and document mitigations.
If you’re unsure whether an issue is in scope, report it anyway. We’ll help route it correctly.
Consensus, execution, node software, RPC surface area, and any official contract systems that affect settlement or safety.
Paxeer-operated web apps and dashboards, plus supporting services where vulnerabilities could impact user assets or privacy.
Wallet connection flows, signing UX, and bridge/router integrations where a vulnerability could create loss or unsafe user behavior.
For the authoritative disclosure policy, see the repository security guidance. If you are working with incident response or secured funds, review SAFU.
Process expectations, confidentiality guidance, and security contact details.
Guidance for coordinated handling when funds are at risk, including a structured process for secure transfers.
We publish security updates as they become available. For now, use the bug bounty page for the most current reporting guidance.
Go to bug bountyClear and timely reports help keep users safe. Share what you know, and we’ll work with you to validate and resolve the issue responsibly.