Security Policy

1. User’s Responsibility
1.1. The User is solely responsible for the safekeeping of private key used for communication with the smart contract. 1.2. You acknowledge that it is your responsibility to protect your credentials and email account against phishing. Neither the Platform nor the Operator assumes or accepts liability or responsibility for any loss or damage (whether direct or indirect), whatsoever, caused as a result of phishing emails, phishing websites, phishing advertisements or phishing through other channels. You shall promptly report any successful or failed attempts of phishing to the Operator. 1.3. You shall take care that your computer is not compromised, and you must regularly monitor your computer performance, install appropriate antivirus software, avoid installing software from unknown sources, opening email attachments from unknown senders and avoid visiting risky websites (e.g. pornography, downloads, games, free applications). You are solely responsible to take all security precautions to prevent your computer from being hacked. 1.4. You shall not use any device, software or subroutine to intervene or attempt to intervene in the normal operation of the Platform. 1.5. You shall not adopt any action that will induce an unreasonable amount of data to load onto the network equipment of the Operator.
2. Responsible Disclosure Policy
2.1. Responsible disclosure is a model that provides the Operator with a reasonable amount of time to fix the issue before publishing it elsewhere, not leaking or destroying any User data, not defrauding other Users or the Operator itself in the process of discovery. 2.2. In order to encourage responsible disclosure, we promise not to bring legal action against researchers who point out a problem, provided they do their best to follow the above guidelines. 2.3. We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission 2.3. Rewards may be paid out to the account of researchers who report previously unknown security vulnerability of sufficient severity. There is no minimum or maximum reward, and we may award higher amounts based on the severity or creativity of the vulnerability found. 2.4. We will keep you informed of the progress towards resolving the problem 2.5. In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise) 2.6. The Operator reserves the right to decide if the bug is real and serious enough for the researcher to receive the bounty. As a framework for reference, please consider the following list of things we want to know about: XSS, CSRF, authentication bypass or privilege escalation, remote code execution, obtaining sensitive User information, accounting errors, unjust enrichment via a software issue. The following are not of interest to us: denial of service, spamming, rate limiting on login or password recovery forms, misconfigured SPF, DKIM or DMARC records, vulnerabilities in software not hosted or not operated by the Operator. 2.7. You can disclose a vulnerability by contacting us directly via email at security@verity.network. Please include: code which reproduces the issue, a detailed description and the potential impact of your bug along with your username for potential pay-out. Encrypt your findings using our PGP Key to prevent this critical information from falling into the wrong hands.