Numio Docs
Search…
Bug Bounty Program

Scope

Issues that can lead to substantial loss of money, critical bugs like a broken live-ness condition, irreversible loss of funds, or enforced exodus mode.

Assumptions

To be eligible for the bug bounty, a bug should adhere to the security assumptions of Numio. You can read more about them here.

Disclosure Policy

Let us know as soon as possible upon discovery of a potential security issue.
Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.

The Wrong way to Disclose

The following actions will make you ineligible for the bug bounty program:
  • Filing a public issue about the vulnerability
  • Testing the vulnerability on mainnet or testnet

The Right Way to Disclose

Please email us at [email protected]. We appreciate detailed information about confirming or fixing the vulnerability. Please use the PGP key to encrypt the message if the information being sent is sensitive or critical.

Exclusions

  • Already known vulnerabilities.
  • Vulnerabilities in code do not lead to lost funds or frozen.

Eligibility

  • You must be the first reporter of the vulnerability
  • You must be able to verify a signature from the same address
  • Provide enough information about the vulnerability

Bounty Payout

[chart for bounty likelihood/severity goes here]

Contact

Please submit your requests or reports here: [email protected].

Public PGP Key

🔓
The following Numio PGP key may be used to communicate sensitive information to us.
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGETnzgBDADcId+Z4OJtG07qnHMh5ZSUPyRq/aQb6NqAEZ0lzSfSyJZnHpKH
I++LNQmWIpmEafxCwolzzZ3AlvcTuI+pyKtvccwTQng52bx3jgmvDNQPVaHY+Z8y
Forzpcj6rn8dqdgiL2RmIA0CgEHV/lDQoiVm6Se7udL9rHb3QmWIUVraV7qVg1Vx
h2DPYufVKY/exl9zuHnRFE5hX6jC9BF7GG9KrCLhcb0rHA25CfyWnrv2pRPNN2cQ
AUN1w+v50QRO8gUOyk2ebAXWWs9+U0+0nKG4cTgkNuV7rhK9CcJMvCuxiw1RASTj
uStYb7mY0KdDrzbESmPoZ4cJYrouxrEAq8vKyf/HN/YuUnYsnUdXE7SlG4eBw9ZX
62YrocOhV5bCriocOVkquXgi1xTCmlhMu76co80GAHIkH3qslqdqADw8Z0VH9Z1i
2FAgUq4SyK9+/2r2vO0IB9ajP4osFuiDDv7qFT6ankgnnLXro7stfok4CB21gx5/
7LOo67M7bY8S3qUAEQEAAbQXTnVtaW8gPGhlbGxvQG51bWlvLm9uZT6JAdQEEwEK
AD4WIQTppnKJq4Zm1J1xJLekGaG3GiVVcQUCYROfOAIbAwUJA8JnAAULCQgHAgYV
CgkICwIEFgIDAQIeAQIXgAAKCRCkGaG3GiVVcWhIC/47IadUUsabZgtJo28f3sq8
9EoytTVDMxKwfPawtN8zq/jPoUa18b8w7g0ilApwrZOOt4sUGKL2YdJWg21osd/8
IYbQi2sVlZXAks/hflKHaM1S7RPyssnOEde0RZKjM+eotmonc99Zzjs8r4GyIONN
xoMbsbGL1e5w50IcJv699Zs/Wuw5zPJb6AtDa1WDl5l4mDgXKgO5rhW9J80Gxgq/
sUv1+Dynd5SPefF5G6fgO0zzZPp8VhSH5hHxGi85BK+f6/ddN1IcBNO4ivSHHExA
RLN3LgIe3FfjVYpPRa8R3r1v9+750j3gn/r3mHtVGm2W+Po5Z/CmZLLmkWMyBC5D
i+zCI3TZnxsODD0e1qZrW++xClN7YJ8di/6me4l5mV1E7UU+eNKeMmw1P6NluJPc
WvcW4prVj4AfznKk2ILDtsqiUc66RwCDG2l6CbDfpsPwRNki1a1vi+3yFaVAzgQj
zqf24cXtE/MYlbhXFlX/uDHAG2Uk06fUml9R3HFskv+5AY0EYROfOAEMAJT8HWVB
RIwUXUF331owChrwcNO1so8HpWobt5qOi4dgjpo0Yvoqjb7C0Y/GOP7Os1x+mD5y
uJP6ZdKHesXdRFOHv1XwX46xoLULxjFRkxbmVQfSWhNpOrU5gDsdlCmbkgD55QGw
UEr+Z7Tbu84Ry/T8qAvmBSSn8vkHwEOoc2ET2DRb3uatEeSTl+Myqf/5aVm9iUNN
Id3fWt94E6nApj0hcdMVvVBnuNvFaAGGljjJ5m3GUu3r6vo5N+4dNmltbHwvLdDe
Bnj4WL/4QIbM670cEowwU7W5WpdWcINqNzxp3wrQEeNK7387wpm/pmlB4wpgZ58+
+Ru+3VclhfFJ50xY9U9ZTY6VmsWUpLOacwdJoxu3Raw/79kMzxxSWL8LajHmNqSB
m7dS5EN9kB12gSi3BIZhQbcT6kT4/NxrhPfi8JBz+ADiERyWiUipiYPI03wHFClP
iaSyayN32TFP2KAUYaGStc1m0g+CQmC81hxhbKfrz3iLYKctRcLRrTfmvQARAQAB
iQG8BBgBCgAmFiEE6aZyiauGZtSdcSS3pBmhtxolVXEFAmETnzgCGwwFCQPCZwAA
CgkQpBmhtxolVXH5bAv/bV2qDsyiHBIIU2IuTe3PaVUesGBqh4pDPuiVzpcA5+sW
ZR0P2cEWSY9ebc9bnhjO37WXGD0E13heeMlgLdygKoD1enE5bK4RE8J9y58iHCfO
OoSMi3oe07JMMOiFC8yFSBme+visnSqMk16WA87lMNlCWeftA5TLjmxIIrJBtbm3
9cZGs6L6k8wZVjDO+VFI1Ogp7o0HnbtWWMI0UnG38xcF9B3qjZrV8VYvo7Ivj8Ug
i3ehodB7vvM8sj45pgq3RSKid6CBMaCYKFhafnjQNkpdRwDFAow8fLXklYC02hL1
hXnn02zkvXnM/cZ5k6jeTk7FnQltdEWEk8hwq5/v7YFU3jsnhhsjmTJ93Puu34dL
27NqgU0IOt3L1nSh3n+9qxGUyM+TqmZquCrLPUGeGtFjEV+9j7I7RgHemHbxXt/S
tuRG7C7hphUJhBnA3i46QlmZo9/ButEzWibHiNr9pU2Vj1L4ZwJQezZ08BLFsUZw
XjqE2zv0rcwWJwDfTe6t
=kmbj
-----END PGP PUBLIC KEY BLOCK-----
Copy link
On this page
Scope
Assumptions
Disclosure Policy
The Wrong way to Disclose
The Right Way to Disclose
Exclusions
Eligibility
Bounty Payout
Contact
Public PGP Key