Responsible Disclosure
RAX Protocol is committed to the responsible disclosure and remediation of security vulnerabilities.
We encourage security researchers, auditors, and community members to report potential issues in a coordinated and responsible manner.
Scope of Disclosure
Responsible disclosure applies to vulnerabilities related to:
RAX Protocol infrastructure
Risk models and analytics systems
APIs and data pipelines
Allocation and monitoring logic
User-facing applications
Issues affecting external protocols or third-party systems should be reported to the respective maintainers.
How to Report a Vulnerability
If you believe you have identified a security vulnerability, please report it privately and responsibly.
Reports should include:
A clear description of the issue
Steps to reproduce, if applicable
Potential impact assessment
Any relevant logs, screenshots, or proof of concept
Do not publicly disclose vulnerabilities before remediation or coordination.
Disclosure Process
Upon receiving a report, RAX will:
Acknowledge receipt of the report
Assess severity and potential impact
Work to validate and remediate the issue
Coordinate disclosure timing where appropriate
We aim to handle all reports promptly and transparently.
Public Disclosure
After remediation, RAX may:
Publish a summary of the issue
Acknowledge contributors where appropriate
Update documentation or safeguards
Public disclosure is handled in a way that prioritizes user safety.
Bug Bounty
A formal bug bounty program may be introduced in the future.
Until then, responsible disclosure is still encouraged and appreciated. Recognition may be provided on a case-by-case basis.
Summary
Responsible disclosure helps protect users and strengthen the RAX ecosystem.
We value collaboration with the security community and treat all reports seriously.
Last updated