We take the security of the Aztec Staking Dashboard seriously and strongly encourage researchers to report security vulnerabilities privately. Please use the guidelines below when reporting security issues.
- Do not open public GitHub issues or pull requests for suspected security vulnerabilities.
Instead, please use the Private Vulnerability Reporting process on GitHub.
- Navigate to the "Security" tab of this repository.
- Click "Report a vulnerability" on the left sidebar.
- Fill out the form with the details of your discovery:
  - Description of the vulnerability and potential impact
  - Steps to reproduce (including logs, requests, or PoCs as appropriate)
  - Environment details (browser, OS, network assumptions)
You can also email security@aztec.foundation.
We will:
- Acknowledge receipt of your report as soon as reasonably possible
- Investigate and validate the issue
- Work on a fix and coordinate disclosure timing with you when appropriate
If you believe a vulnerability is actively being exploited or has severe impact (e.g. loss of funds, key compromise, or broad user impact), please clearly mark the report as CRITICAL in the PVR/email subject.
For issues that are not security-sensitive (UI glitches, performance problems, feature requests, etc.):
- Use GitHub Issues to report bugs, following the guidance in CONTRIBUTING.md
- Use GitHub Issues or Discussions to suggest new features or enhancements
Keeping normal bugs and feature requests public helps the community track progress and collaborate on fixes, while keeping security issues private helps protect users until a fix is available.