Flow Responsible Disclosure

If you believe you may have found a security vulnerability in one of our products or platforms,
send us an email: security@onflow.org

Guidelines for Responsible Disclosure

We ask that all researchers adhere to these guidelines.

Rules of ENgagement

In Scope URIs

Be careful that you're looking at domains and systems that belong to us and not someone else. When in doubt, please ask us. Maybe ask us anyway.

Bottom line, we suggest that you limit your testing to infrastructure that is clearly ours.

Out of Scope URIs

Be careful that you're looking at domains and systems that belong to us and not someone else. When in doubt, please ask us. Maybe ask us anyway.

Bottom line, we suggest that you limit your testing to infrastructure that is clearly ours.

THINGS NOT TO DO

In the interests of your safety, our safety, and for our customers, the following test types are prohibited:

Sensitive Data

In the interests of protecting privacy, we never want to receive:

Our Commitment To You

If you follow these guidelines when researching and reporting an issue to us, we commit to:

Disclosure Acknowledgements

Security acknowledgements can be found at https://dapperlabs.com/security_nods.txt

Reporting Security Findings

Reports welcome! Please do reach out to us if you have a security concern. If you believe you may have found a security vulnerability in one of our products or platforms, send us an email: security@dapperlabs.com

We encourage you to encrypt the information you send us using our PGP key at keys.openpgp.org/security@onflow.org

Please include the following details with your report: 

Community vibes
Join Discord

Благодарим вас! Мы получили вашу заявку.
Упс! При отправке формы что-то пошло не так.