Different from common bugs, security issues that are an immediate threat to CodeChain’s well-being should be reported directly to us at firstname.lastname@example.org. When reporting such security issues, it would be of great help if you refer to the following guidelines:
Security issues fall into one of three categories. These three categories are classified as 3 levels: P1(high), P2(medium), and P3(low).
P1(high): a security vulnerability that will result in loss of value.
e.g. Steal tokens from someone, mint tokens at your discretion
P2(medium): a security vulnerability that will not result in loss of value but can result in a loss of function of the CodeChain engine.
e.g. Block actions for all users
P3(low): a security vulnerability that will not result in loss of value or function but can cause great inconvenience for some fraction of users.
e.g. Block a user from transferring tokens
When reporting security issues, please mention the security issue’s category in the email’s subject/title.