From a23776e10db82bd10ff92952634b621cd34976bf Mon Sep 17 00:00:00 2001 From: randyquaye Date: Thu, 5 Feb 2026 11:31:32 +0000 Subject: [PATCH 1/2] update repo docs --- .github/CODEOWNERS | 7 +++++++ CONTRIBUTING.md | 2 ++ SECURITY.md | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 .github/CODEOWNERS create mode 100644 SECURITY.md diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 000000000..ca0a87fe7 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,7 @@ +# CODEOWNERS for Aztec Staking Dashboard + + +# Default owners for everything not matched by a more specific rule +* @AztecProtocol/sdb-review + + diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7dbc02377..ae30f23f8 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -18,6 +18,8 @@ If you find a bug, please open an issue with: 4. **Environment details** (browser, OS, Node version) 5. **Screenshots** if applicable +If your report relates to a **security vulnerability or security-sensitive issue**, please **do not** open a public issue and instead follow the private disclosure process described in `SECURITY.md`. + ### Suggesting Features For feature requests, open an issue with: diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..58e7aed9f --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,35 @@ +## Security Policy + +We take the security of the Aztec Staking Dashboard seriously and strongly encourage researchers to report security vulnerabilities privately. Please use the guidelines below when reporting security issues. + +## Reporting Security Vulnerabilities + +- **Do not** open public GitHub issues or pull requests for suspected security vulnerabilities. + +Instead, please use the [Private Vulnerability Reporting](https://github.com/AztecProtocol/staking-dashboard/security/advisories/new) process on GitHub. + +- Navigate to the "Security" tab of this repository. +- Click "Report a vulnerability" on the left sidebar. +- Fill out the form with the details of your discovery: + 1. Description of the vulnerability and potential impact + 2. Steps to reproduce (including logs, requests, or PoCs as appropriate) + 3. Environment details (browser, OS, network assumptions) + +You can also email security@aztec + +We will: +- Acknowledge receipt of your report as soon as reasonably possible +- Investigate and validate the issue +- Work on a fix and coordinate disclosure timing with you when appropriate + +If you believe a vulnerability is actively being exploited or has severe impact (e.g. loss of funds, key compromise, or broad user impact), please clearly mark the report as **CRITICAL** in the pvr/email subject. + +## Reporting Non‑Security Bugs and Feature Requests + +For issues that are **not** security-sensitive (UI glitches, performance problems, feature requests, etc.): + +- **Use GitHub Issues** to report bugs, following the guidance in `CONTRIBUTING.md` +- **Use GitHub Issues or Discussions** to suggest new features or enhancements + +Keeping normal bugs and feature requests public helps the community track progress and collaborate on fixes, while keeping security issues private helps protect users until a fix is available. + From 56932e504dc3210fe2d5b4b2255ae5a167aaf201 Mon Sep 17 00:00:00 2001 
From: randyquaye Date: Thu, 5 Feb 2026 11:32:49 +0000 Subject: [PATCH 2/2] update sec email --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 58e7aed9f..a90b52b11 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -15,7 +15,7 @@ Instead, please use the [Private Vulnerability Reporting](https://github.com/Azt 2. Steps to reproduce (including logs, requests, or PoCs as appropriate) 3. Environment details (browser, OS, network assumptions) -You can also email security@aztec +You can also email security@aztec.foundation We will: - Acknowledge receipt of your report as soon as reasonably possible
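Review bot: In the `.github/CODEOWNERS` hunk, the only rule is the catch-all `* @AztecProtocol/sdb-review`, even though the comment above it promises "more specific" rules; for a repository that is adding a security policy it would be worth adding narrower entries for the files an attacker would most want to change unnoticed, e.g. `/.github/workflows/ @AztecProtocol/sdb-review` and `/SECURITY.md @AztecProtocol/sdb-review`, so ownership of CI and disclosure text is explicit rather than implied by the wildcard. Two caveats a reviewer should confirm before merging: the team `@AztecProtocol/sdb-review` must exist and have write access to this repository, otherwise GitHub silently ignores the rule, and CODEOWNERS only blocks merges if the branch protection rule has "Require review from Code Owners" enabled. The file also ends with two trailing blank lines (`+` lines 6 and 7 of the hunk), which can be dropped.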
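Review bot: In the `CONTRIBUTING.md` hunk, the new paragraph refers to the policy as a bare code span (`SECURITY.md`); since the file is created in the same commit, linking it as `[SECURITY.md](SECURITY.md)` lets readers of the rendered page reach the private-reporting instructions in one click, which matters for a paragraph whose whole point is to steer people away from opening a public issue. The paragraph is well placed, directly after the bug-report checklist and before "### Suggesting Features", and the blank line separating it from the heading is correct.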
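Review bot: In the `SECURITY.md` hunk of the first commit, the contact line `+You can also email security@aztec` is a truncated address; it is corrected in the second commit of this series, so the two commits should be squashed so that no revision of the repository publishes an unreachable security contact. Three smaller points on the same hunk: "please clearly mark the report as **CRITICAL** in the pvr/email subject" uses the unexplained abbreviation "pvr", which should be spelled out as "private vulnerability report"; the heading "## Reporting Non‑Security Bugs and Feature Requests" contains a non-ASCII hyphen (U+2011) that will not match a plain "Non-Security" search and should be replaced with `-`; and the file opens with `## Security Policy` as a second-level heading, so either promote it to `#` or keep the two `##` headings at the same level and add a `#` title. Finally, the link to Private Vulnerability Reporting at `https://github.com/AztecProtocol/staking-dashboard/security/advisories/new` only works if private vulnerability reporting is enabled in the repository's security settings; worth verifying that before merging, since the policy tells reporters to rely on it.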
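Review bot: In the second commit's `SECURITY.md` hunk, the change from `security@aztec` to `security@aztec.foundation` fixes a defect introduced by the first commit, so this should be squashed into `[PATCH 1/2]` rather than landing as a separate "update sec email" commit; if it is kept separate, the commit message should state what was wrong ("fix truncated security contact address"). It would also be worth confirming that the `security@aztec.foundation` mailbox is monitored and, if a PGP key is available for it, linking the key from this line so reporters can encrypt PoCs and logs before sending them.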