Skip to content

Security: vegaprotocol/vega

SECURITY.md

Security Policy

Supported Versions

Please see Releases. We recommend mainnet node operators use only the most recently released version.

Audit reports

Scope Date Report Link
MultisigControl 20220513 pdf
Vega_Token_V2 20210823 pdf

Reporting a Vulnerability

Please DO NOT file a public ticket mentioning the vulnerability. This is especially important for vulnerabilities that may result in loss or freezing of assets and those that may cause degradation or outages of the network.

To find out how to disclose a vulnerability in Vega visit the bug bounties page or email security@vegaprotocol.io.

Please read the disclosure page for more information about publicly disclosed security vulnerabilities.

The following key may be used to communicate sensitive information to the project team.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZJBtihYJKwYBBAHaRw8BAQdAnoV3CXhVkzH4SWA9C9t5kQOniW3RLSpYMGKa
4v4TqjO1AVVWZWdhUmVwb3J0IChWZWdhLVByb3RvY29sIFNlY3VyaXR5IElzc3Vl
IFJlcG9ydGluZyBrZXkuIFRoaXMga2V5IGlzIG9ubHkgdXNlZCB0byBhbGxvdyBm
b3IgZW5jcnlwdGVkIGNvbW11bmljYXRpb24gb24gc2VjdXJpdHkgaXNzdWVzIHdp
dGggdGhlIHRlYW0sIGFuZCBpcyBuZXZlciB1c2VkIHRvIHNpZ24gYW55dGhpbmcg
bWVhbmluZ2Z1bC4gSXQgYWxzbyBtYXkgYmUgcmV2b2tlZCBhdCBhbnkgdGltZTsg
cGxlYWUgY2hlY2sgdGhlIHdlYnNpdGUgYXQgdmVnYS54eXogYXMgdGhlIGF1dGhv
cmF0aXZlIHNvdXJjZSBvZiB0aGUgY3VycmVudGx5IHVzZWQga2V5LikgPHNlY3Vy
aXR5QHZlZ2EueHl6PoiZBBMWCgBBFiEEDmwoUh14HTF+GTIYbn2QYotPYZMFAmSQ
bYoCGwMFCQPCZwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQbn2QYotP
YZNYIwEA1Qu6MZcb5RqotV8dlodFxp9s1CL5jqHO0mq+yvyyUu8BAP1hKuhdTN35
MmAf5jCXD+kCv9UkBAdkJ3Mux7v4+D8KuDgEZJBtihIKKwYBBAGXVQEFAQEHQGop
lH9egLg4MU30OINhdDw1nz1N8/Ocw78a/KNi+mUvAwEIB4h+BBgWCgAmFiEEDmwo
Uh14HTF+GTIYbn2QYotPYZMFAmSQbYoCGwwFCQPCZwAACgkQbn2QYotPYZPdgAEA
gHy/18LW+Yn//ddY6+2hCGhLzGDh5D5jSoLcD8/UGPoBAJezJQFgQuPZ0buIBrSh
UGCir7aOk4/aTC1UAg0+8w8F
=KKVZ
-----END PGP PUBLIC KEY BLOCK-----
Learn more about advisories related to vegaprotocol/vega in the GitHub Advisory Database