Security Policy
Reporting a Vulnerability
Please do not file a public ticket mentioning the vulnerability.
To report a security issue, send an email to security@hashgraph.com with:
- A description of the vulnerability
- Steps to reproduce it
- The affected module(s) (contracts, SDK, backend, CLI, web)
- Any potential impact assessment
The security team will acknowledge your report and work with you on a resolution.
Security Resources
- Web DApp Architecture & Security — Security considerations for the Web DApp
- Slither Analysis — Static analysis reports for the smart contracts
- Contributing Guidelines — Includes security-related contribution policies