Security

Different from common bugs, security issues that are an immediate threat to CodeChain’s well-being should be reported directly to us at security@codechain.io. When reporting such security issues, it would be of great help if you refer to the following guidelines:

Security issues fall into one of three categories. These three categories are classified as 3 levels: P1(high), P2(medium), and P3(low).

  • P1(high): a security vulnerability that will result in loss of value.

    e.g. Steal tokens from someone, mint tokens at your discretion

  • P2(medium): a security vulnerability that will not result in loss of value but can result in a loss of function of the CodeChain engine.

    e.g. Block actions for all users

  • P3(low): a security vulnerability that will not result in loss of value or function but can cause great inconvenience for some fraction of users.

    e.g. Block a user from transferring tokens

When reporting security issues, please mention the security issue’s category in the email’s subject/title.