Tanssi is committed to building secure infrastructure for decentralized networks. We greatly appreciate contributions from the community that help identify and responsibly disclose vulnerabilities.

If you believe you’ve discovered a security issue in the Tanssi protocol, runtime, infrastructure, or supporting tools, we ask that you report it privately and responsibly.

Please do not file a public issue or disclose the vulnerability publicly until we’ve had a chance to investigate and patch the issue.

Contact us securely:

• 📧 Email: [email protected]

When submitting a report, please include the following details:

• A description of the vulnerability
• Steps to reproduce the issue
• The impact or affected components
• Any logs, PoCs, or related materials

We will acknowledge receipt within 2 working days and strive to keep you informed as we work toward resolution.

We ask that security researchers adhere to the following:

• Do not intentionally harm user data or privacy
• Do not attempt to access or modify data without permission
• Avoid disrupting network operations or services
• Allow us a reasonable amount of time to fix the issue before disclosure

By following responsible disclosure practices, you help us ensure the security and reliability of the Tanssi ecosystem.

While Tanssi does not operate a formal public bug bounty program at this time, we recognize the value of meaningful contributions to security.

Depending on the severity and impact of the reported issue, Tanssi may offer proportional rewards or public recognition at our discretion.

Our evaluation will consider:

• Threat level and exploitability
• Scope and affected components
• Quality and clarity of the report
• Effort involved in discovery

All such decisions are made case-by-case and at the sole discretion of the Tanssi team.

If you have any questions related to our security process, feel free to reach out. Thank you for contributing to a safer decentralized future.