Skip to content

Security: Ro5s/Startup-Starter-Pack

Security

SECURITY.md

Security Policy

Supported Versions

Please see Releases. We recommend to use the most recent released version.

Disclosing a Vulnerability

The wrong way to disclose

The following actions: will disqualify you from eligibility under our forthcoming bug bounty program:

  1. File a public ticket mentioning the vulnerability
  2. Test the vulnerability on the mainnet or testnet

The right way to disclose

Please email us at security@optimism.io. We appreciate detailed instructions for confirming the vulnerability.

Bounty Program (coming soon)

We will be launching a bounty program very soon, focused primarily on our deployed smart contracts. Any vulnerability reports received prior to the launch of this program will be considered for a payout within that program.

The following key may be used to communicate sensitive information to developers.

Fingerprint: AF4B 924E 3D03 E7B9 AB95 25E5 D3CD 8BD7 64AC E995

-----BEGIN PGP PUBLIC KEY BLOCK-----

mFIEXnlZUhMIKoZIzj0DAQcCAwQhuVLb3ZGRJ/EpcvO/02F1PNpcuT6tIw5BhHdt
xc97gENYp6XrhtemC51M6/igxITiSIhwRvUjuVenVo/fww6RtCVNYXJrIFR5bmV3
YXkgPG1hcmsudHluZXdheUBnbWFpbC5jb20+iIAEExMIABwFAl55WVICCwkCGwME
FQgJCgQWAgMBAheAAh4BABYJENPNi9dkrOmVCxpUUkVaT1ItR1BHrDoA/00pjZ58
d0DoAmQs8Qnytkwyiewk+l5gUwGGgL1PzXj1AP9VPARuoWOMMlxItVExaTmD0y6e
a1rc21ANUAoBa53T77hWBF55WVISCCqGSM49AwEHAgME+UsSeTWeDdE1MJjJwZKS
xGHLkzRp5gcL9i1qETII3mVAQwIx+vZ/vn2XsXGBgLSoGQLIEDix8wKPbc77G8MR
LQMBCAeIbQQYEwgACQUCXnlZUgIbDAAWCRDTzYvXZKzplQsaVFJFWk9SLUdQR+4Q
AP4gAyKnTCX7xRn6JxSsreiihfqJ9GyEz7eYYobg5m4J8AD/TNlbgcARCIc28BEy
uTRoTkujtMVATibXMnY7++xRXbc=
=Q/dE
-----END PGP PUBLIC KEY BLOCK-----

Copy the above key to a file and use the command gpg --import <file> to import the key into the gpg keyring.

There aren’t any published security advisories