ERON MARKET – Disclosure Policy

DISCLOSURE POLICY 

 Posted: 03 August 2021 

Last Updated: 03 August 2021

 

Responsible Disclosure Policy

The security of the future ERON blockchain, and associated core components, is a top priority for the ERON PROJECT. Our mission is to become a layer of trust for digital financial systems at internet scale, and the highest level of security is a mandatory prerequisite.

The security researcher community regularly makes valuable contributions to the security of organizations and the broader Internet, and ERON PROJECT recognizes that fostering a close relationship with the community will help improve the security of the ERON blockchain.

Reporting a Security Issue

Please DO send an email to security@eronproject.com

Please DO NOT open public issues on GitHub that contain information about a potential security vulnerability, as this makes it difficult to reduce the impact of valid security issues.

What to include:

• Well-written reports in English will have a higher chance of being accepted

• Reports that include proof of concept code will be more likely to be accepted

• Reports that include only crash dumps or other automated tool output will most likely not be accepted

• Reports that include products & services that are out of scope (see the Scope section below) will not be considered

• Include how you found the bug, the impact, and any potential remediation

• Any plans for public disclosure

What you can expect from us:

• A timely response to your email (within 2 business days).

• An open dialog to discuss issues.

• Credit after the vulnerability has been validated and fixed.

Coordinated Responsible Disclosure Policy

We ask security researchers to keep vulnerabilities and communications around vulnerability submissions private and confidential until a patch is developed to protect the Eron blockchain and its users.

Please do:

• Allow the ERON team a reasonable amount of time to address security vulnerabilities

• Avoid exploiting any vulnerabilities that you discover

• Demonstrate good faith by not disrupting or degrading ERON services, products & data

ERON pledges not to initiate legal action against researchers as long as they adhere to this policy.

Responsible Disclosure Process

1. Once a security report is received, the Eron team verifies the issue and establishes the potential threat

2. Patches to address the issues will be prepared and tested on private testnets

3. The Validators community is informed about an upcoming public testnet release to prepare them for upgrading in a timely manner

4. The public testnet is patched and additional tests are performed

5. The Validators community is informed about an upcoming mainnet release to prepare them for upgrading in a timely manner

6. The mainnet is patched and additional tests are performed

7. We publish a security advisory on GitHub

8. We give credit and applicable rewards to the submitter(s) of the issue

Scope

• Virtual Machine (Arwen) Repository:

• Wallet, located at https://www.eronwallet.com

• Explorer, located at https://www.eronscan.com

Out of scope

• Scam & phishing attempts involving ERON products

• Lost or compromised secret phrases, keystore files or private keys

• Physical vulnerabilities

• Social Engineering attacks

• Functional, UI, and UX bugs such as spelling mistakes

• Descriptive error messages

• HTTP error codes/pages

Contact Us

Get in touch with us at security@eronproject.com. Whether you want to submit an issue or a recommendation, or have security-related topics to bring up, we’re happy to hear from you.

In order to protect the ERON PROJECT, we request that you not post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability and informed partners if needed.