
Security: David1984TK/Bimex


.github/SECURITY.md

Security Policy – Responsible Disclosure

How to Report a Vulnerability

  • Encrypted Email: Send an encrypted email to security@bimex.io. The public PGP key is available here.
  • GitHub Private Vulnerability Reporting: Use the Private vulnerability reporting feature on GitHub (see repository settings).
  • Form: A short web form is also available at https://bimex.io/security/report.

Scope

  • In Scope: The Soroban smart contract, the frontend application, and the indexer service.
  • Out of Scope: Rate‑limit tests on the public testnet, the public RPC endpoints, and any third‑party services not maintained by the Bimex team.

Expected Response Times

  • Acknowledgement: < 48 hours.
  • Fix: Up to 30 days for high‑severity issues.

Safe Harbor

Researchers acting in good faith, following this policy, will not be prosecuted for their activities.

Rewards

We are evaluating a bug‑bounty program (see issue #14 for discussion).


This policy is based on best practices for open‑source projects and complies with GitHub's security guidelines.

There aren't any published security advisories