If you think you have found a security vulnerability that either:
- Puts all projects importing a certain dependency at risk, or
- Puts specifically users of our project at risk
then please follow this reporting procedure.
First, DO NOT blast the vulnerability/exploit in any public channels or forums. This can tip off attackers and give them a chance to pounce and harm users.
Please document the vulnerability, detailing which dependency, file/lines of code, or component is at risk or exposed to the vulnerability. Please write a short paragraph detailing what the vulnerability is, how it works, and what is at risk.
Send that report via email to [email protected] and also direct message MaikeruKonare#1043 and Maxbrand99#5913 on Discord if possible.
We will respond ASAP to prepare a patch (if applicable) and notify our users in an appropriate way so they can take action by updating/pulling the fix. Once you have given us reasonable notice of at least 3 business days, or once the fix has been released and the threat has passed, you may discuss the vulnerability publicly.
Thank you for helping us keep the Axie Infinity community safe!