Thanks for helping keep Nobay Protocol safe and open.
This document outlines how to responsibly report security issues or smart contract vulnerabilities.
If you discover a critical bug or exploit affecting:
- Smart contracts in `/contracts/`
- DAO configuration or multisig logic
- Tokenomics mechanics or staking logic
- Governance systems or dispute modules
Please report it privately via email:
We ask that you:
- Do not publicly disclose vulnerabilities before they are patched
- Avoid exploiting bugs to drain value or manipulate governance
- Include as much technical detail and repro instructions as possible
- Allow us reasonable time to verify and respond
We are not currently running a formal bug bounty. However:
- All verified critical security reports will be acknowledged publicly (if desired)
- The DAO may vote to retroactively reward ethical disclosures in $NOBAY
Currently in-scope contracts:
- `ListingRegistry.sol`
- `StakingModule.sol`
- `Escrow.sol`
We deeply appreciate your help in keeping Nobay open, safe, and forkable. Security researchers are builders, too.