Skip to content

Security: dsrvlabs/xpla

Security

SECURITY.md

Security Policy

This document provides the policies that the XPLA core team has in place for handling security issues and vulnerabilities.

Reporting a Vulnerability

Thank you for taking time to improve the security of the XPLA Chain. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.

Please report any security issues via email to [email protected], [email protected], or [email protected] with the following details:

  • Your name
  • Your affiliation (if applicable)
  • Technical description of the issue, including steps to reproduce
  • Explanation of who may be able to exploit this vulnerability and what the impact or implications may be
  • Whether this vulnerability is public or known to third parties. Please provide details where applicable

Alternatively, you can contact us via Discord or Telegram at:

Telegram Discord
Alfred Yun @AlfredYun xpla_alfred
Sundae Jeong zenaad_sdjeong
Yeon Hwang @yeon_delight yeon_delightlabs

NOTE: Please avoid opening issues publicly on GitHub or any other social media. This makes it difficult to reduce the impact and harm of valid security issues.

Coordinated Vulnerability Disclosure Policy

We ask security researchers to keep vulnerabilities and communications around vulnerability submissions private and confidential until a patch is developed. In addition to this, we ask that you:

  • Allow us a reasonable amount of time to correct or address security vulnerabilities.
  • Avoid exploiting any vulnerabilities that you discover.
  • Demonstrate good faith by not disrupting or degrading services built on top of this software.

Vulnerability Disclosure Process

The XPLA core team uses the following disclosure process:

  • Once a security report is received, the core team works to verify the issue.
  • The team investigates and determines affected versions and the scope of impact.
  • Patches are prepared for eligible releases in private repositories.
  • The team communicates with the validators and relevant ecosystem stakeholders that a security release is coming, to give them time to prepare.
  • The fixes are applied publicly, and new releases are issued.

Every effort will be made to handle and address security issues as quickly and efficiently as possible.

There aren’t any published security advisories