We are thankful for the proactivity and the responsible approach of most researchers.
We encourage all researchers to report any vulnerability that they find, be it on the smart contracts, the web application or APIs, whatever their severity, to the Polkamarkets Labs team, by following the process described below, which is based on dioterms.
We require that all researchers:
- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, destruction of data and/or misappropriate user funds during security testing;
- Perform research limited to the scope described above in the Bug Bounties section;
- Use the identified communication channels to report vulnerability information to us;
- Keep information about any vulnerabilities you’ve discovered confidential between yourself and Polkamarkets Labs until we’ve had 90 days to resolve the issue, or until we agree on public disclosure (whichever comes first); and
- Do not engage in extortion.
If you adhere by our requirements when reporting an issue to us, Polkamarkets Labs commits to:
- Working with you to understand and resolve the issue quickly (including an initial acknowledgement of your report within 72 hours of submission);
- Not pursuing or supporting any legal action related to your research;
- Rewarding you for your report when applicable (see Bug Bounties section);
- Recognizing your contribution on this page, in the “Thank you to researchers” section, if you are the first to report an issue that we fix via a code or configuration change.
Please report any vulnerabilities via email to firstname.lastname@example.org.