Responsible Disclosure Policy
Security is the core of Talos Protocol. We take all vulnerability reports seriously and are committed to working with the security research community.
How to Report
Please report vulnerabilities via email to security@talosprotocol.com.
Include "VULNERABILITY" in the subject line. We accept reports encrypted with our PGP key (see /.well-known/security.txt).
What to Include
- Description of the vulnerability
- Steps to reproduce (PoC scripts preferred)
- Affected component (Contract, Dashboard, Gateway, SDK)
- Estimate of potential impact
Our Commitment
- We will acknowledge receipt within 48 hours.
- We will provide a timeline for fixes.
- We will publicly credit you (with permission) in our changelog once the fix is deployed.
- We generally do not pursue legal action against researchers who follow this policy.
Out of Scope: Social engineering, denial of service (DoS) against public infrastructure, and physical security attacks.