We provide security updates for the following versions:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
If you discover a security vulnerability, please do not open a public issue. Instead, please report it through one of the following channels:
Telegram: @stick_rift
Create a private security advisory on GitHub.
When reporting a vulnerability, please include:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if any)
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution: Depends on severity and complexity
- We will acknowledge receipt of your vulnerability report
- We will work with you to understand and resolve the issue
- We will notify you when the vulnerability is fixed
- We will credit you in our security advisories (if desired)
This security policy applies to:
- All smart contracts in this repository
- Deployment scripts
- Any related infrastructure code
- Issues that require social engineering or physical access
- Denial of service attacks
- Issues in third-party dependencies (please report to those projects)
When interacting with Rift contracts:
- Always verify contract addresses before interacting
- Review contract code on Basescan before large transactions
- Use a hardware wallet for significant amounts
- Never share your private keys or seed phrases
- Be cautious of phishing attempts - always verify URLs
We recommend:
- Conducting your own security review
- Starting with small amounts
- Understanding the risks before interacting
Currently, we do not have a formal bug bounty program. However, we appreciate responsible disclosure of security issues and may provide recognition for significant findings.
For security-related questions or concerns:
- Telegram: @stick_rift
- Website: rift.club