update readme with security and audit info (#131)

edkim · web-flow · commit 4f98409d27bd · 2023-02-16T07:59:35.000-05:00
diff --git a/README.md b/README.md
@@ -2,11 +2,12 @@
 
 [![Coverage Status](https://coveralls.io/repos/github/IndexCoop/index-coop-smart-contracts/badge.svg)](https://coveralls.io/github/IndexCoop/index-coop-smart-contracts)
 
-# index
+# Index Cooperative Smart Contracts
 
-This repo houses the [index-coop][22]'s Solidity smart contracts.
+This repo houses the [index-coop][22]'s Solidity smart contracts which are built on [Set Protocol V2][29]. There is a separate repository for [Index Protocol](https://github.com/IndexCoop/index-protocol), a good-fath fork of Set V2 that Index Coop will continue to develop. Head over to that repo to find our newer smart contracts.
 
 [22]: https://www.indexcoop.com/
+[29]: https://github.com/SetProtocol/set-protocol-v2
 
 ## Install (for development)
 
@@ -34,7 +35,7 @@ OR `yarn test:clean` if contract typings need to be updated
 
 ### Run Integration Tests
 
-`yarn chain:fork:ethereum` in one terminal to run chain fork. replace ethereum with polygon or optimism if needed, see package.json
+`yarn chain:fork:ethereum` in one terminal to run chain fork. replace ethereum with polygon if needed, see package.json
 
 `yarn test:integration:ethereum` in another terminal, replace chain again as needed
 
@@ -63,49 +64,12 @@ npm install @indexcoop/index-coop-smart-contracts
 ## Contributing
 We highly encourage participation from the community to help shape the development of Index-Coop. If you are interested in developing on `index-coop` or have any questions, please ping us on [Discord](https://discord.com/invite/RKZ4S3b).
 
-## Security
+## Security Audits
 
-### TODO: Independent Audits
+Set Protocol V2 has undergone multiple audits. For more information see https://index-coop.gitbook.io/index-coop-community-handbook/protocols/security-and-audits
 
-### Code Coverage
+## Vulnerability Reporting ##
 
-All smart contracts are tested and have 100% line and branch coverage.
+If you believe you’ve found a security vulnerability in one of our contracts or platforms, we encourage you to submit it through our [ImmuneFi Bug Bounty][32] program.
 
-### Vulnerability Disclosure Policy
-
-The disclosure of security vulnerabilities helps us ensure the security of our users.
-
-**How to report a security vulnerability?**
-
-If you believe you’ve found a security vulnerability in one of our contracts or platforms,
-send it to us by emailing [security@indexcoop.com](mailto:security@indexcoop.com).
-Please include the following details with your report:
-
-* A description of the location and potential impact of the vulnerability.
-
-* A detailed description of the steps required to reproduce the vulnerability.
-
-**Scope**
-
-Any vulnerability not previously disclosed by us or our independent auditors in their reports.
-
-**Guidelines**
-
-We require that all reporters:
-
-* Make every effort to avoid privacy violations, degradation of user experience,
-disruption to production systems, and destruction of data during security testing.
-
-* Use the identified communication channels to report vulnerability information to us.
-
-* Keep information about any vulnerabilities you’ve discovered confidential between yourself and
-Set until we’ve had 30 days to resolve the issue.
-
-If you follow these guidelines when reporting an issue to us, we commit to:
-
-* Not pursue or support any legal action related to your findings.
-
-* Work with you to understand and resolve the issue quickly
-(including an initial confirmation of your report within 72 hours of submission).
-
-* Grant a monetary reward based on the OWASP risk assessment methodology.
+[32]: https://immunefi.com/bounty/indexcoop/
