To report any vulnerabilities, please contact us using this info:
- Email: [email protected]
- Keybase: yakuhito_chia
- Twitter: yakuh1t0
A public prize pot is kept at xch1z7858gvuwpm9tsqdevaf9nemvmragszhv76tpe3v7q9awhl8uyaqc47p9q (SpaceScan; XCHScan). We reserve the right to decide, on a case-by-case basis, whether a vulnerability report receives an award and the exact amount to be awarded.
Generally, we will reward critical issues that would break the protocol or the bridge apps contained in this repository. For example, a vulnerability that allows someone to unlock (unwrap) more XCH than they are supposed to will likely receive a bounty. Likewise, an issue that allows a message to be relayed twice will also (most probably) be rewarded.
Scope:
- Chialisp in this repository (for the cross-chain messaging protocol, as well as for the two bridges)
- Validator code
- Solidity code (only after the first audit is announced and finished)