Any vulnerability or bug discovered must be reported via the following email: bugbounty@bancor.network

Please provide as much information about the vulnerability as possible, including:

• The conditions on which reproducing the bug is contingent.
• The steps needed to reproduce the bug or, preferably, a proof of concept.
• The potential implications of the vulnerability being abused.

The vulnerability must not be disclosed publicly or to any other person, entity or email address before Bprotocol Foundation has been notified, has confirmed the issue is fixed, and has granted permission for public disclosure. In addition, disclosure must be made within 24 hours following discovery of the vulnerability.

Anyone who reports a unique, previously-unreported vulnerability that results in a change to the code or a configuration change and who keeps such vulnerability confidential until it has been resolved will be recognized publicly for their contribution if they so choose.