Contact: mailto:security@mithril.pro
Contact: https://mithril.pro/security
Expires: 2027-04-17T00:00:00.000Z
Acknowledgments: https://mithril.pro/security
Policy: https://mithril.pro/security
Preferred-Languages: en
Canonical: https://mithril.pro/.well-known/security.txt
Hiring: https://mithril.pro/security

# Mithril coordinated vulnerability disclosure
#
# Report security vulnerabilities to security@mithril.pro.
# Do not publicly disclose until a fix is deployed.
# Do not exfiltrate data beyond what proves the issue.
# Do not run denial-of-service tests against production.
#
# Response SLAs:
#   Critical (active exploit): 1 hour
#   High: 4 hours
#   Medium: 24 hours
#   Low: 7 days
#
# In scope:  mithril.pro, api.mithril.pro, *.mithril.pro,
#            all published smart contracts under packages/contracts.
# Out of scope:  social engineering, physical attacks,
#                third-party services we do not control.