This page describes general best practices for reporting bugs and specific reporting guidelines for Hemi code contained within the Hemi Labs GitHub organization.
Do not disclose vulnerabilities publicly or by executing them against a production network. If you do, you will not only be putting users at risk, but you will forfeit your right to a reward. Always follow the appropriate reporting pathways.
🪲 Hemi Vulnerability Disclosure Program
Vulnerability Disclosure Program (VDP)
If you think you have found a significant bug or vulnerability in any Hemi smart contract, application, infrastructure, etc., please report it on the HackerOne Vulnerability Disclosure Program.
Bounty Program
HackerOne hosts Hemi's dedicated Bug Bounty program. Contact HackerOne to get involved and learn more about the information relating to components in scope, reporting, and the payout process.
For other security-related questions or concerns, please contact [email protected].
