Skip to content

Security: primev/mev-commit-relay

Security

SECURITY.md

Security Policy

The Flashbots team would appreciate any contributions, responsible disclosures and will make every effort to acknowledge your contributions.

Scope

Bugs that affect the security of the Ethereum protocol in the mev-boost and mev-boost-relay repositories are in scope. Bugs in third-party dependencies are not in scope unless they result in a bug in mev-boost with demonstrable security impact.

Reporting a Vulnerability

To report a vulnerability, please email [email protected] and provide all the necessary details to reproduce it, such as:

  • Release version
  • Operating System
  • Consensus / Execution client combination and version
  • Network (Mainnet or other testnet)

Please include the steps to reproduce it using as much detail as possible with the corresponding logs from mev-boost and / or logs from the consensus / execution client.

Once we have received your bug report, we will try to reproduce it and provide a more detailed response. Once the reported bug has been successfully reproduced, the team will work on a fix.

Bounty Program

The bug bounty program will be a shared bounty pool of up to 50k USD between mev-boost, mev-boost-relay.

We would like to welcome node operators, builders, searchers and other participants in the ecosystem to contribute to this bounty pool to help make the ecosystem more secure.

There aren’t any published security advisories