We actively support and provide security updates for the following versions of Mitosis Chain:
| Version | Supported |
|---|---|
| main | ✅ |
| latest | ✅ |
| < 1.0 | ❌ |
The team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose any vulnerabilities you find.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via one of the following methods:
- Email: Send details to security@mitosis.org
- GitHub Security Advisories: Use the private vulnerability reporting feature
🔐 Optional: If your report contains sensitive information, we recommend encrypting it using PGP.
Our public key is currently unavailable but will be published by [DATE]. In the meantime, please use one of the following secure methods:
- Use a secure file-sharing service with password protection and share the password via a separate channel.
- Encrypt your report using a tool like OpenSSL and share the decryption key via a separate channel.
When reporting a vulnerability, please include:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
- Initial Response: We will acknowledge receipt of your vulnerability report within 48 hours
- Investigation: We will investigate and validate the vulnerability within 7 days
- Resolution: We will work on a fix and provide updates on our progress
- Disclosure: We will coordinate with you on the disclosure timeline
We believe in responsible disclosure and ask that you:
- Give us reasonable time to investigate and fix the issue before public disclosure
- Do not access, modify, or delete data that doesn't belong to you
- Do not perform any actions that could negatively impact other users
- Do not publicly disclose the vulnerability until we have addressed it
chain implements several security measures:
- Code Audits: Regular security audits of critical components
- Dependency Scanning: Automated scanning for known vulnerabilities in dependencies
- Static Analysis: Continuous static code analysis for security issues
- Access Controls: Strict access controls for critical infrastructure
- Encryption: All sensitive data is encrypted at rest and in transit
When using Mitosis Chain, please follow these security best practices:
- Keep Software Updated: Always use the latest supported version
- Secure Private Keys: Never share private keys or store them in unsecured locations
- Network Security: Use secure networks and VPNs when possible
- Backup Strategy: Implement proper backup strategies for critical data
- Monitor Activity: Regularly monitor your validator and transaction activity
We will publish security advisories for any vulnerabilities that could affect users:
- GitHub Security Advisories: Published on our GitHub repository
- Community Channels: Announced in our Discord and Telegram channels
- Documentation: Updated security guidance in our documentation
We are planning to launch a bug bounty program to reward security researchers who help us identify vulnerabilities. Details will be announced soon.
For security-related questions or concerns:
- Email: security@mitosis.org
- PGP Key: Available here (Coming Soon)
We will not pursue legal action against security researchers who:
- Follow this responsible disclosure process
- Act in good faith
- Do not violate any laws
- Do not access or modify data beyond what is necessary to demonstrate the vulnerability
Thank you for helping us keep Mitosis Chain secure! 🔒