reporting security issues
If you believe you have found a security issue, please submit the
report to our security team via email to
[email protected]. We accept vulnerability reports only at this address. This
address can be used for all of Everstake products.
Please follow “Safe disclosure” and
encrypt your message
using our GPG key.
report now
🔑 PGP key-id:
dc4086e9056c17234d62a44e302f408b14f95372
🔑 PGP fingerprint:
DC40 86E9 056C 1723 4D62 A44E 302F 408B 14F9 5372
The key is available at
keyserver.
If you wish to encrypt your submission with our GPG key, please download
it
here.
Follow next vulnerability reporting guidelines
- Please do not share the vulnerability information to third parties, without our express consent
- Encrypt your message
- Set meaningful email subject that reflects the issue
The report must provide as much detail as possible, including:
- Valid reporter contact information.
- Type of vulnerability (cross-site scripting, SQL injection, remote code execution, firewall misconfiguration, etc.)
- Detailed description of the location and nature of the vulnerability with the timeline for the discovery.
- Detailed steps to reproduce the vulnerability (screenshots or videos are always helpful), any PoC or exploit code.
- The potential impact of the vulnerability (i.e. what data can be accessed or modified).
- Mitigations or workarounds.
Contact us
Have questions?
We’re always there to answer!
contact us
Our distributed team of 20+ community managers is online 24/7 and is ready to assist you.
