| Version | Supported |
|---|---|
| 0.1.x | ✅ |

We take the security of FROST Protocol seriously. If you believe you have found a security vulnerability, please report it to us as described below.

- DO NOT open a public issue on GitHub
- Send an email to [security@yourdomain.com] with:
  - A detailed description of the vulnerability
  - Steps to reproduce the issue
  - Potential impact
  - Suggested fix (if any)
- Initial Response: We will acknowledge your report within 48 hours
- Updates: We will keep you informed about the progress
- Resolution: Once fixed, we will:
  - Notify you
  - Release a security advisory
  - Issue a patch release if necessary
- All network communications are encrypted using libp2p's Noise protocol
- State proofs are cryptographically verified
- Circuit breakers protect against network attacks
- Resource limits prevent DoS attacks
- Keep your FROST Protocol implementation up to date
- Use secure key management practices
- Monitor system metrics and alerts
- Follow security advisories
- Encrypted P2P communication
- Proof verification system
- Circuit breaker protection
- Resource limiting
- Error detection
- Audit logging
- Some advanced security features are planned for future releases
- Chain-specific security measures must be implemented separately
- Performance vs. security tradeoffs may exist in some components

We would like to thank all security researchers who have helped improve FROST Protocol's security. Contributors will be acknowledged (with permission) in our security advisories.