Skip to content

Security: rsksmart/tokenbridge

SECURITY.md

Token Bridge's Security Process

We're committed to conduct our security process in a professional and civil manner. Public shaming, under-reporting or misrepresentation of vulnerabilities will not be tolerated.

Responsible Disclosure

For all security related issues, Token Bridge has to main points of contact. Reach us at security@rootstocklabs.com or refer to our Bug Bounty Program. Do not open up a GitHub issue if the bug is a security vulnerability.

Ensure the bug was not already reported by searching on Github under Issues.

Vulnerability Handling

Response Time

RootstockLabs will make a best effort to meet the following response times for reported vulnerabilities:

  • Time to first response (from report submit) - 5 business days
  • Time to triage (from report submit) - 7 business days
  • Time to bounty (from triage) - 15 business days

We’ll try to keep you informed about our progress throughout the process.

Disclouse Policy

  • Follow HackerOne's disclosure guidelines.
  • Public disclosure of a vulnerability makes it ineligible for a bounty.

For more information check RootstockLabs bounty program policy at HackerOne

Public Keys

Security

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2

mQINBFoF+z0BEADJNtu4DjEqH3+TzdwNwPfRmHo7hhSBR08wnLfkWmsm3IxgEqdB
wYU8rMNXpnsiToTjDnCYYacxQR5uUN4MbYvtnKqGbiapZ5EgCDoRMKYKhJwTuAjH
ju9cPfblwuIG9eLJ7NJ9t/C+07JQQzDolPo3JBzXjeNDMS21YNqiUfHRCIKcTC45
/ksfX0q5UG0KM0FgYiAYJer0OQp/A2KETzzweXdNTs+KXDuA1ChafQ/3x3efDG+D
HekfQULToISKMq36Fh2icjMDY4I93iDXGa8xDoGYt1OIGuPS37XVdNjudlvsybgU
8Y6vnw3xp9r5dP3Dvb43yYNXAiTErLiU6jkufUj1Jo85nwJDMSiaXwFfAeiiv1WO
ThdRwrEOKYLVIAb0mhT1Gcqf4PC0nVX/RyPsF8OztgiJBAp/4jY/8POmGi7KdDKG
Fa/r1eV/Tuk8yfh+GYq7LkdT92up5uUxPACCGvkP3+5vLu9R8ttO6DDl3eYGIpla
mP4JTGaFWmVi/Fq+7u2JTZI3CpVsx7CBH5Loluof6Yp6ijqtrzDwGPsD6a/qqQpx
hPwO0jYhrCFgRl369gkavlT4y2IodNw8D1Hx1MtIYLVwS7PD7XIcfLwsOl5I0Bc5
SKbW4hJ8VPj/Qv+I5tDu1G/GbTmE5wSly7SbVMSvtSOUzIlbczONKi+mrQARAQAB
tB9TZWMgQ2hhbm5lbCA8c2VjY2hhbm5lbEByc2suY28+iQI9BBMBCgAnBQJaBfs9
AhsDBQkJZgGABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFjSJg1ZmGdY6tYP
/A3P75RTZdl37JzHEWh6kfNJ6LdmCBTxbtwUxCmhKKKtgl1lSamtIkbiI6imY0Vk
VCNxkHN56QjqK3ELRx7lwjXmKUNMe5Yql/5g86vpEznO/y6C5tv5W4k32dQwxrlV
LUEwrfddQKts3TiUHzeGLjTdNk7ZV82427CgeNC/rsovQZ+mvWtjdhM0vq99vH+D
T5cAMRlEparUgvKKfzSwznxrFcviPq+Za4HvOjTec8HP7tJfJNNzjyeXvlmHG10V
euLOOr2mq7f2JTg7pKhtX94153XtvGt0HmqNi6k85kABTUKvtxWr1q4AVRFfrBwW
1qorrOFcRpffpkumsLq/5FT4cEciVZzqUgfq9asyev5Qjtxj7tNlYiqXAsNfqhLp
dGXiNcI+Kpk2Pe1eaOBH2QrE1Yg9aRQsq7Wkg7myyTktYpQg8t3s5JjEqIU66bLL
it7OWPYjfV8bQ07r/64NZbNVyFF5qvAgI/cINTo27dfWQmELOXyymXQJLyEO1qHg
hEFUoa3jnlC1Gpi7JyMHbEADb0a7zZf6TZyyeaPFG1bxcSB11BKm6NEfiQovccjq
8E9wUZ1/BSC4YCvw9cmiHsZqKx5/KUxJlN9fYA0WCyQ7PWuc/8bAwEWlFUHDJdQ3
BDxvpznL9u17Z3p+7+ASHiOcNiNqfAlNnffrrpqjimEZuQINBFoF/O8BEADH4/MA
xV0moSw9tTcnTqq5/Pekueugukub7zgoxH8Yh82tKhpcl7sjOo4KaGzwjNHlzEUG
KGyotaaPhTTxF3lqBfPPEA4EYkLfM3YBlOemI6642rapRQxHFptX1bEMGh+KE9rl
FRZnN7cuUehbtTMpKwsPr69oMsrg8nF43migiNDa8hjfJ/0egBctovh0UprJLbap
4Trqhiw5yshjE7wQ5tTJUJ/D+m7cJPrwaTE+mxJywYPp9fkzF/G/AV3K/IOK9LBW
MWzUTD4aUx1Feji+xq6tgtrPwTwfM016ZHGVBE//7ZkrazUyap4FGjBSwCmWwukA
NW8GHak7uq4qhTZ4u2raz7nBjkqK8hDr6HA5D+vW7UJGaJRRjBC6FYf45lbwTkVM
VlogMWSCH36EPaQa3wilYqxDBxWPZVqroEO2RWOWwxWGtk/hUp2kwKKWqOH6lSZQ
uBvrjPeZWEyfnVdv5AVlZhvb6vADpOYkSSROj7C2wCjKoOdxl+Axek6GhhkIkaIp
1yK41YYnqq/FyFjeVQ82j1/zQp8oTcVhC9qGpQiUDeE85hMuhYSU7O1IaNuje2mn
x5E79oICYtny1MO+LTfKf7OurlQbMZ/9/FgqnwacpLANrOCMWEdB8Spt4+Sk67dK
e0f6OTkBp00azMlNUC+hIi/E7CFIumxLzpaW0QARAQABiQREBBgBCgAPBQJaBfzv
AhsCBQkJZgGAAikJEFjSJg1ZmGdYwV0gBBkBCgAGBQJaBfzvAAoJEJOaLKTirVYF
H/AP/iIgVYB0ooCSjNgLi3HNDj6i8HdVieqGBhhmQodXm1so8MvqZV74Q7hwr0zG
zISA1BLFoQglVvTeytw+SlsHPIwqnaYugYD7eKuLdD+YUtCpdu1M863CMtYV8RSW
xyGLYWHurVtVZ686kn7noIwce3SB75fzyozx30BSfaaal0fuCUbJqPMqBRoXJNi9
pSHc6Vhss9QqLUeskoJaohCgVqk1GnCI+x5vCIfvscR3jFKqvm/FShuI8dvPQfyF
C+DckmqM1pIrQ5/A8Owh+7F6odW77D4HLCVc7J1tJprPvYvoXrZPWBU2mTy84jn0
63VQrE2yC+nGIYMBHMQUcOh/Laq5XeuQZoOYJWF7bBDuTiUlCnVjMouSf350jH58
VRaoGCyDx7Ai40KNT29nR4LVBuJRt3nHczhqb6tHVYiXKv5NWmuJsn6lNsY6OrCo
prfsXlVfX1Bad3p0srIHzliUK4jBFs4Dtfz9aCoI1Lw8WfBgNTxqptfxdudE2qDz
OhYBq3Vp4NUYgKvBlFUhxofkMBNOoASkihgqguRvmsdhoBpQPRVLSGpFzExP95YC
MsH6fVYERC6BCrE3D3fH3eMIe1OkBznYJNDZKduWlolWB/aLVBZTsMmAQjUWE9Zu
6GxkQbqk6RjHMvty26bCHW/fqI4tCGxQ5f42jvNxm8InM22KxM4P/2aSqxVs9bXl
80liZlIL1lMqp9QkghlP4A2hJgzMkNmeDzEsdZxbsNRcmARa7CTy0RZUjHiMZSU+
LLWTVnrrt96oslbGE0laSwsMJL3DUJwIAyWQqIB9ppOLtnbU/gSjxhgdn1jdnFNl
DyGYRM5Ys/qNfDE24NGCQjmKfgM6QhiKZgxnEOyMdXm/Kall8YG8g71jyfEGXbzS
qCy815NSqepQ43gMs0DXfgVUORSSNJS8r6qQOzuWgoZ2T1hK3nJawhmH5AiWi4eR
8HPgYZXPvwP0NIXrEFIW9QyOOJAR51u6GWLWVKDDH1MkFzXbUx3D8yu4groXuElB
gkd6gzYB7gSngZF+DZsoD5tbhCO0GWbZKgpL7pjAeEgqsWrhhZFoYOT4rK2nn0lJ
4aENQUgo+Bdn0zr9uSkE4yujzAXrIXLKX5eN3J+WPKxoO3W2NdyWySklwj5fszLO
NH8lLEdJ895BIPt/0ZErAGC5l7eDUi0Pnk8CgWoSL8YSKHHAq2GVCgFcgw5uh6o6
SuHccFq/TRXzkEgeTZ/n0LxbtKr5W4Qlly0Krgbt7ybf4gzLG1RbERYmVnndMWJ6
CdwepVQE4Lc/SIZCNLd9uUbdgnkblcEtap4OxMBmYyKW3bCCpsvGdjVbKesFlSN+
U2jfqj6/UEFtGoY/A0TiZcayn9felM7wuQINBFoF/WsBEACkQdxQFzhwz1YNm3Xr
6vNGkxMg0kfZJxbUXuopuUbFWAg9RfIJ1BPk/wox/pwRnGm9RZUh/h1dXswAdM2X
4Y8PWcfRb/FEnhGOr5VEF3pC0WPHSJ2K8Akfee/VBhnV8Nnv76LpMnC5C7AbwmUh
0OHGMoXPDb8fG2GZWtZs/4g3LfPNNws1caLpsgQTa2jzatc93NFdH8ae915dPTY2
y0FVXJn3hW0AGlTaOTktkNhfAaU8Ko1GhYBEDtD/klXZKhxhUgkK+nz94Z2DHbzI
zBEAI9RPCoZFIFzmTTuAn8tyHWAc1tDXZRGIq4IfJa2mJsTDfiItOGaMQXXFBjFj
e4K6ATA2En0Hr6dR3ybhN9bq9an0xzj22T5JEPhr2liwlKjEr2cZsKQhg8iawHNf
cHYhCWrK1qlr6dw71BIdoRstNGMDkN8sE76oWMVSlJuJdWAvzQm9/ubcWg5LFQWZ
LAomYp/WobteAzcMTRsC5F8LMxNp+CXJS8c/wwCX9h0GM2qP8mG9GjxEHIwugkKK
CPsLvngJMe0oXkpndDIahPsjsVDMuN27zlpHIFtcwhQvdnPh2WnHDx3EMt8ol3Lh
i7xmGqoHxl9DO5Idr797Ou+U1y9TtFs4jk/NJ99z+D6KwpCLT/WQ449SMnUanaOm
Pe/8ocZ3PDnqmVcAW/bWkw1RBwARAQABiQIlBBgBCgAPBQJaBf1rAhsMBQkJZgGA
AAoJEFjSJg1ZmGdYOIkP/1GUWKjzVPeMhh97gbllQrxqkmopOGQpyUqq9OPhhvih
lm5hHg6qolf6cbW3yINFvUxL9ycJQUrV8ZCTQeOR0s5M+noHpui3i4tt3wmtE20D
0AJolj2rd63Cn0mh5eGRyx1nMz3V/jAl2fgLUa/BIAa5lI08bZQIVJy0qKHaN3rH
xU2Tp5MbKrDFG+WOrWYO8Ehw+h+U6G5+IWDQXThBID7J5CZ48KmVVSwVxh8OmTsi
sTfetQ5Hr7oTid9gSu4gDmOuXo2Hg+sWpuACBZX9eyPTTYnts1c/85UctOonePTO
pGV0OWGS72TmILQXH+ZmkKbvu1OGM7bIMM8uo5kaTEsN7sFv/LPgszlDj7peaFpP
lCKsb2H0k1x6z0y5l5r7BBMMt+q7OHl4XO5PPoMk/ri4weDYRUP0LhZ5V/dwotbB
Q4O9JAu7HAVFSbEsUgahhZGGx1ozwm1tEV5sjNVo0G+pFW933N/nquTi9PrIrSJn
kXEAGI6Scd2wIl7Y7/ustYA8RDgpRuN65C/R/cETMqVa8noyZWrBLzi40y7PHMHR
fbQUVf0+ULWR9BtmOvv+V770n5uWnK+VYAUpKhfF3d/BOybKXAlLzNTeSbkebzGg
0zzL96O9QN+MTaejvVQUlwdggjhTO0SAzc4CyHy8XKzYfSx3fQxb4uZ0uPw2Zxap
uQINBFoF/eIBEADI3zgxwZpyH+5E2XKSXaW855HBKUkpExWtiC7Fjb7vsBSo2kmO
ZKEcP464MRC59j2n/vjoj5A1qVjkXFJcrdVNm7VcF+APsVDJCWscOp0HSLaf0iVM
TxEoWKUUL6Q/IpepOcufcIQ51IX5SfQ3gMKAzJ3z0IQLm+Zz1oD+NCSscXVVIe9M
zPxY/GKMkjIhdYNmYH5jvhXybhdt6H26z3s7w5K//7+mg+jvsac08wogetjx8V0Q
Gp2d6Q/AW2HQX8YoMrBjZYuEMZRSydiU6K7KRS78mAzxuTLjPK9OvOsaTuFHvqFR
AD/qXsyT9OLrpzPnTcoIfquH2ylk79M54jGR8J/JDhQk88lv7tkEVhQW9f+dhYDU
MFwGZm4QxolmBZfMj5rU6dY+uigTNpKyDr0MS5cVptZiRvBZSMGPMhp0Yt48OLlt
w+2/p/7FxhYkNpqjKCATdkS0yJJ2qW0dFWpzzOGNI4xwb/W+kaftW+kU/Sg8qwQl
CdgjkxZ7CNPddomLNqdU5z0FeKwVMUnDHf5I08GnXAFx+/OYb2TIZXSKlSrHDDHA
+Pm3hqnzJP0r3yVVt0MHl7eln5aXew7zG2yBK4cm+YwAjfDhTLkwYTRC8ge8GDKf
YyPqv38sDBsQCFTERGDPoZp5Smt9C3deYkgrqBR1iJZHNuM+7WL8J0ZjLwARAQAB
iQIlBBgBCgAPBQJaBf3iAhsgBQkJZgGAAAoJEFjSJg1ZmGdYko0P/Rxk1TJCXaEj
dX5WYYqITQE5iO5FWuuOpHf054S/yE9gcD5BGZSLakwummLVKEJyFlgZW3Tc2p9C
5PyqukuEHLjep3UNYiQLX4rupeqovfEI8q3cJJrEa30svDmNO+kQYlPVemjsNo7l
XmWm+LM281Ycg4ZYFpUIsDGupNFiQyLbKizXEICkhrBs8NaTCyp4yHJVuo75z/w5
/p8HndVR4u62Qmxn06XZICjd8nQXK9bPen5OZ6O42yOL4/zCGJgQzrshMiBZwPUf
Q6hjQJkgD/PttjL32SeIAGC6ca4uVR5MqPub1RDaIe6CZJ/Go8lZX+dxQzCJbdv+
DcdNL7HHw9EVTR3wRdI7DwJbH1vJCEO1i1RTZBJd3sKhwHtdSXkdOwIWYgnUF2fx
ermtX1AKDpAKkMumwMMvAFA6ntevmNmdc35LCCq5rMX4ClKVn5+0n5YeAdxH7teZ
0FzlNBDmYtdeYWnMXut/ukHO2GWZyXkbfXXXQhezeUQaWuyCfsAuocqHvEtRYoVx
iZ1WSLgU34q1rcX2abQsHUWRxZmBfKD6RZ15bvlIM99ne2/bDSBETz4KUCIa2WIV
v0FjOkVKB3PSHj1q4fogldX0Yb55tUa3rX0Rb8QEKInQj8FFPd44XHclv9PTv0OL
IfHtYt8huvu34FA85HR8wAOPiqvyJ7Oj
=r7Yf
-----END PGP PUBLIC KEY BLOCK-----

There aren’t any published security advisories