The safety and security of our sdk is our top priority. If you have discovered a security vulnerability, we appreciate your help in disclosing it to us responsibly.
For critical or high-impact vulnerabilities that could affect our users, please contact us directly at:
- Email: [email protected]
We'll work with you to assess and understand the scope of the issue.
For vulnerabilities that are less critical and do not immediately affect our users:
-
Open an issue in our GitHub repository (
https://github.com/bcnmy/passkey/issues
). -
Provide detailed information about the issue and steps to reproduce.
If your findings are eligible for a bounty, we will follow up with you on the payment process.
The bounty program covers code in the main
branch of our repository. The vulnerability must not have already been addressed or fixed in the develop
branch.
To be eligible for a bounty, researchers must:
-
Report a security bug that has not been previously reported.
-
Not violate our testing policies (detailed below).
-
Follow responsible disclosure guidelines.
-
Do not conduct testing on the mainnet or public testnets. Local forks should be used for testing.
-
Avoid testing that generates significant traffic or could lead to denial of service.
-
Do not disclose the vulnerability publicly until we have had the chance to address it.
-
Known issues listed in the issue tracker or already fixed in the
develop
branch. -
Issues in third-party components.
By submitting a vulnerability report, you agree to comply with our responsible disclosure process. Public disclosure of the vulnerability without consent from us will render the vulnerability ineligible for a bounty.
Thank you for helping to keep Biconomy 🍊 and the blockchain community safe!