Responsible Disclosure Policy
The security of the SolanaM platform and its users is our top priority. We work closely with the security research community to maintain the highest standards.
Important Note
For any immediate security report, please proceed directly to our security report email.
Our Commitment to Security
The security of the SolanaM platform, built on the Solana blockchain, is a top priority for our team. Our platform provides valuable services for digital art creation and NFT minting, and we recognize that the highest level of security is mandatory for protecting our users and their assets.
The security researcher community regularly makes valuable contributions to the security of organizations and the broader Internet. SolanaM recognizes that fostering a close relationship with this community will help improve the security of our platform. If you have information about a vulnerability in SolanaM, we want to hear from you.
Reporting a Security Issue
Please DO
- Send an email to security@solanam.com
- Include detailed information about the vulnerability
- Provide proof of concept code when possible
- Allow reasonable time for us to address the issue
Please DO NOT
- Open public issues on GitHub with vulnerability details
- Exploit any vulnerabilities you discover
- Disrupt or degrade SolanaM services
- Access user data or compromise user accounts
What to Include in Your Report
- Well-written reports in English will have a higher chance of being accepted
- Reports that include proof of concept code will be more likely to be accepted
- Include how you found the bug, the impact, and potential remediation
- Any plans for public disclosure
- Steps to reproduce the vulnerability
What You Can Expect From Us
Timely Response
A response to your email within 2 business days
Open Dialog
Ongoing communication to discuss the issue
Recognition
Credit after the vulnerability has been validated and fixed
Transparency
Updates on the status of your report
Responsible Disclosure Process
Verification
The SolanaM team verifies the issue and establishes the potential threat
Patch Development
Patches are prepared and tested in secure environments
Testing & Deployment
Thorough testing followed by careful deployment to production
Public Disclosure
We publish a security advisory and give credit to the reporter
Scope
In Scope
- SolanaM web application at solanam.com
- Image editor and canvas functionality
- NFT minting and blockchain integration
- Wallet connection and authentication
- API endpoints and backend services
- User data handling and storage
- Smart contract interactions
Out of Scope
- Scam & phishing attempts involving SolanaM
- Lost or compromised wallet keys
- Physical security vulnerabilities
- Social engineering attacks
- UI/UX bugs and spelling mistakes
- Third-party wallet vulnerabilities
- Solana blockchain core protocol issues
Legal Protection
SolanaM pledges not to initiate legal action against security researchers as long as they adhere to this responsible disclosure policy and act in good faith.
Contact Us
Important: For immediate security reports, email us directly.
To protect the SolanaM ecosystem, we request that you not post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability.