This document outlines the security policies for the Block Fund Crowdfunding Platform, a blockchain-based crowdfunding application. We take the security of our platform very seriously and appreciate the community’s assistance in identifying and mitigating potential vulnerabilities.
We actively support the following versions of the platform. We recommend that all users and developers use the latest version to benefit from the latest security updates:
| Version | Supported |
|---|---|
| 1.x | ✅ |
| 0.x | ❌ |
If you discover a security vulnerability, please do the following:
- Do not disclose the vulnerability publicly until we have had a chance to address it.
- Email us at [email protected] with the details of the vulnerability. Please include:
- A detailed description of the vulnerability.
- Steps to reproduce the issue.
- Potential impact of the vulnerability.
- Suggested fixes (if any).
- We will acknowledge your report within 24 hours and provide an estimated timeline for resolving the issue.
To ensure the security of your interactions with our platform, we recommend the following:
- Enable Two-Factor Authentication (2FA): Always enable 2FA on your account to protect against unauthorized access.
- Use a Secure Wallet: Use reputable and secure wallets to interact with the blockchain. Ensure your private keys are stored securely.
- Stay Informed: Regularly update your wallet and other software to the latest versions.
- Be Cautious with Links: Only interact with official Block Fund links and be wary of phishing attempts.
- Code Reviews: All code changes must undergo thorough peer reviews. Use tools like linters and static analyzers to catch potential vulnerabilities.
- Smart Contract Audits: Before deploying any smart contract, ensure it has been audited by a trusted third-party security firm.
- Access Control: Implement least privilege principles for accessing sensitive data and contract functions.
- Regular Updates: Ensure all dependencies are up-to-date with the latest security patches.
- Reentrancy Guards: Use checks-effects-interactions patterns to prevent reentrancy attacks.
- Input Validation: Validate all user inputs to prevent unexpected behaviors or malicious inputs.
- Gas Limit Management: Ensure contracts are optimized for gas efficiency and cannot be exploited by consuming excessive gas.
- Upgradeability: If contracts are upgradeable, ensure that the upgrade mechanisms are secure and properly managed.
In case of a security incident, our response plan includes:
- Immediate Containment: We will take steps to prevent further exploitation of the vulnerability.
- Investigation: We will conduct a thorough investigation to understand the root cause and impact of the incident.
- Public Disclosure: We will inform our users and stakeholders about the incident, including steps taken to resolve it and recommendations to mitigate any risk.
- Remediation: We will deploy necessary patches or updates to address the vulnerability.
For any security-related inquiries or to report a vulnerability, please contact our security team:
- Email: [email protected]
- PGP Key: (Include a link or key for encrypted communication if applicable)
We appreciate your contributions to the security of Block Fund and thank you for helping to keep our platform safe.