This directory is a community-curated resource for contacting security teams. It identifies the best way to contact an organization's security team so that hackers can report vulnerabilities directly to the organizations that can resolve them. This repo was adapted from the awesome blockchain security contacts list created by Trail of Bits!
This document is a work in progress. We're happy to accept feedback, questions, or ideas for improvements. File an issue to talk further.
- Refer to disclose.io for vulnerability disclosure program best practices
- Don't make researchers agree to terms to report security issues to you
- Create a security@ email address that delivers directly to your engineering team
If you find a core problem with any Ethereum client or the protocol, please contact bounty@ethereum.org or check out their Bug bounty program.