Security Disclosure

NEUS Network is committed to maintaining the security and integrity of our services. We encourage responsible disclosure of security vulnerabilities and work with security researchers to protect our users and the broader ecosystem.

Security Contact

For security vulnerabilities and responsible disclosure:

  • Response Time: 24 hours for acknowledgment

  • Emergency Issues: Include "CRITICAL" in subject line

Responsible Disclosure Policy

NEUS Network encourages responsible disclosure of security vulnerabilities. We are committed to working with security researchers to protect our users and the broader ecosystem.

Reporting Guidelines

What to Include:

  • Detailed Description: Clear explanation of the vulnerability

  • Reproduction Steps: Step-by-step instructions (if applicable)

  • Impact Assessment: Potential security implications

  • Proof of Concept: Non-destructive demonstration (if safe)

  • Suggested Fix: Remediation recommendations (if known)

What NOT to Do:

  • Do not create public GitHub issues for security vulnerabilities

  • Do not exploit vulnerabilities beyond proof of concept

  • Do not access or modify data belonging to others

  • Do not disclose vulnerabilities publicly before coordinated disclosure

Response Timeline

Severity Classification:

  • Critical (7-day resolution target): Remote code execution, authentication bypass, unauthorized fund access, complete service compromise

  • High (14-day resolution target): Privilege escalation, data breach potential, denial of service attacks, smart contract vulnerabilities

  • Medium (30-day resolution target): Information disclosure, rate limit bypass, non-critical logic flaws

  • Low (Best effort): Configuration issues, minor information leaks, usability security concerns

Scope

In Scope:

  • API Endpoints: All public and authenticated endpoints

  • SDK Components: @neus/sdk and @neus/widgets packages

  • Smart Contracts: Deployed protocol contracts

  • Infrastructure: Authentication, rate limiting, data validation

  • Documentation: Security-relevant documentation

Out of Scope:

  • Third-Party Services: External APIs and dependencies

  • User Applications: Apps built using NEUS SDK

  • Social Engineering: Attacks targeting individual users

  • Physical Security: Infrastructure access controls

  • Denial of Service: Network-level DDoS attacks

Safe Harbor

NEUS Network will not pursue legal action against security researchers who:

  • Report vulnerabilities through proper channels

  • Do not exploit vulnerabilities beyond proof of concept

  • Do not access or modify data belonging to others

  • Comply with this responsible disclosure policy

Security Practices

NEUS Network implements industry-standard security practices including:

  • Stateless authentication (no persistent sessions)

  • Rate limiting and abuse prevention

  • Input validation and sanitization

  • Security headers and HTTPS enforcement

  • Regular security audits and assessments

Contact

For security vulnerabilities:

  • Subject Line: "Security Vulnerability" (or "CRITICAL" for emergencies)
