This security policy applies to primarily smart contracts. Frontend security issues can be reported for any of the versions, whether or not we support them below (the URL just has to be active, such as https://test.optional.finance).
| Version | Supported |
|---|---|
| 0.1.2 (Mercury) | ❌ |
| 0.2.x (Venus) | ✅ |
DO NOT USE THE GITHUB ISSUES TO REPORT A SMART CONTRACT VULNERABILITY! DO NOT REPORT IT IN ANY SOCIAL CHANNELS!
Any vulnerability or bug discovered must be reported only to the following email:
When reporting a vulnerability or bug, please ensure to provide as much information as possible, including:
- The conditions in which the bug was reproduced
- The required steps to reproduce it (in a closed environment, testnets do NOT count) or proof of concept
After reporting, you may not publicly disclose the bug until all of the following conditions have been met:
- We've approved to publicly disclose it
- Issued a patch and safely migrated OR the bug has been deemed to not affect operations