Skip to content

Security: near/core-contracts

Security

SECURITY.MD

Reporting Security Vulnerabilities

NEAR values the independent security research community and believes that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.

Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to [email protected], preferably with a proof of concept.

We ask that you do not use other channels or contact project contributors directly.

Non-vulnerability-related security issues, such as new ideas for security features, are welcome on GitHub Issues.

Security Updates, Alerts and Bulletins

Security updates will be released on a regular cadence. Security updates are released on the Tuesday closest to the 17th day of January, April, July, and October. A pre-release announcement will be published on the Thursday preceding each release.

Security-Related Information

We will provide security-related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note that labs and sample code are intended to demonstrate a concept and may need to be sufficiently hardened for production use.

BugBounty Program

NEAR uses HackenProof as a conduit for reporting defects and vulnerabilities as well. To report a vulnerability that you believe you have discovered in the Near or Pagoda platform, please use one of the following programs to report it:

There aren’t any published security advisories