Skip to content

Security: ComposableFi/composable

SECURITY.md

Security Policy

At Composable, we are always striving towards writing secure and stable code. If you have found a critical bug or a security
vulnerability, you can simply report your findings to us.

Reporting a Vulnerability

When you report a security vulnerability please include:

  • Description of the findings
  • Platform(operating system, and rust version)
  • Reproducible code sample(Make the vulnerability easy to reproduce)
  • Type, Severity and impact of Vulnerability
  • Name to be credited if the vulnerability makes it to an official vulnerability advisory

The more information you provide the better. We recommend submitting a report where you describe the vulnerability, show us how you found it and provide reproducible code samples. Providing mitigation advice is also recommended.

The report should be submitted to security@composable.finance.

Responsible Disclosure

We are encouraging responsible disclosure of security vulnerabilities by providing a legal safe harbor. In return, we ask you to not publicly disclose your findings until either 2 weeks of time has passed or after the bugs have been acknowledged and fixed.

Scope:

What is currently in scope is finding bugs in a our code base running in a local environment. Exploiting production systems is strictly prohibited

Rewards

Rewards are granted depending on the severity of the vulnerability, payed out in PICA tokens.

There aren’t any published security advisories