Vulnerability Disclosure Policy

This policy explains how we prefer security researchers to submit vulnerabilities and gives them clear standards for carrying out vulnerability discovery activities.

This policy outlines the systems and categories of research that fall within its scope and how to disclose vulnerabilities to us. Please get in touch with us if you discover any potential flaws in the Bluefin codebase.

Guidelines

In accordance with this policy, "research" refers to activities in which you:

  • Inform us as soon as you find a genuine or potential security problem.

  • Make every attempt to avoid privacy violations, loss of user experience, disruption to production systems, and destruction or modification of data.

  • Use exploits only as much as necessary to verify a vulnerability is present. You shouldn't use an exploit to compromise or steal data, gain ongoing command-line access, or switch to another machine.

  • Use the identified communication channels to report vulnerability information to us.

  • Avoid submitting a large number of poor-quality reports.

  • If you have found a vulnerability or come across sensitive data (such as personally identifiable information, financial information, or intellectual information or trade secrets of any party), halt your test, let us know immediately, and keep it to yourself.

Test Methods

The following test methods are not authorized:

  • DoS or DDoS tests on networks or other tests that restrict access to or harm systems or data.

  • Physical testing, social engineering, or any other non-technical vulnerability testing, such as tailgating, workplace access, open doors, or phishing.

Scope

This policy covers any vulnerability not previously disclosed by us or by our independent auditors in their reports.

How to Report a Security Vulnerability?

If you believe you’ve found a security vulnerability in one of our contracts or platforms, email us at security@seed.im. Please include the following details with your report:

  • A description of the location and potential impact of the vulnerability.

  • A detailed description of the steps required to reproduce the vulnerability.

  • The report itself, written in English if possible.

What You Can Expect from Us

If you follow these guidelines when reporting an issue to us, we commit to:

  • Not pursuing or supporting any legal action related to your findings.

  • Acknowledging receipt of your report within 3 business days.

  • Maintaining an open dialogue with you to understand and resolve the issue quickly.

Questions

Questions regarding this policy may be sent to security@seed.im. We also invite you to contact us with suggestions for improving this policy.

Last updated 1 year ago