Security Information
If you wish to report any security-related issues, please email us directly at [email protected]
Penetration Testing
The NodeSet Dashboard undergoes regular penetration tests by leading independent security professionals. However, nodeset.io does not interact with any assets and is therefore closed-source for maximum security. Due to this and the sensitive nature of these security reports, these reports will not be released publicly. However, for the sake of transparency, we will list the firms engaged in penetration testing here.
Bug Bounties
Note that, in order to be eligible for a bug bounty, you must provide a proof of concept and, if necessary, work with our developers to successfully demonstrate the issue.
Rewards for successfully replicated issues in the NodeSet Dashboard are awarded according to severity as classified by the Immunefi Vulnerability Severity Classification System for websites and apps:
| Severity | Amount (USD) |
|---|---|
Critical | $20,000 |
High | $10,000 |
Medium | $5,000 |
In addition, because NodeSet currently must retain pre-signed exit messages from our Ethereum node operators, the NodeSet Dashboard has a special level of bug bounty set at $50,000 USD specifically for exploits which demonstrate full access to this data.
Last updated