We appreciate your participation in keeping Walrus secure. This document describes how to report security vulnerabilities and where to find information about the Walrus Bug Bounty Program.

All vulnerability reports must be submitted through HackenProof's secure dashboard. Do not report security issues through GitHub, email, or Discord.

You should receive an acknowledgement of your report within 48 hours for critical vulnerabilities and 96 hours for all other vulnerabilities.

If you do not receive a response, contact support@hackenproof.com. Do not include attachments or provide detail regarding the security issue.

Walrus runs a Bug Bounty Program in partnership with HackenProof. Visit the program page for details on assets in scope, severity levels, bounty amounts, and eligibility.

For security concerns or questions outside the scope of the HackenProof Bug Bounty Program, reach out through the Walrus community Discord or email security@mystenlabs.com.