From 3f4b5bb4cf58c93e878fa28de666098b8450a8b9 Mon Sep 17 00:00:00 2001 From: Stackwyre Date: Mon, 4 May 2026 20:44:10 -0500 Subject: [PATCH] Fix #59: Does gravity.xyz / galxe.com have bug bounty program? --- about/community-programs/bug-bounty.mdx | 63 +++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 about/community-programs/bug-bounty.mdx diff --git a/about/community-programs/bug-bounty.mdx b/about/community-programs/bug-bounty.mdx new file mode 100644 index 0000000..d6e7ae4 --- /dev/null +++ b/about/community-programs/bug-bounty.mdx 
@@ -0,0 +1,63 @@ +--- +title: "Bug Bounty Program" +description: "Information about Galxe's bug bounty program and security vulnerability reporting" +--- + +# Bug Bounty Program + +Galxe takes security seriously and values the contributions of security researchers and the broader community in helping us maintain the security of our platform. + +## Security Vulnerability Reporting + +If you discover a security vulnerability in any of our systems, please report it responsibly through our official channels. + +### How to Report + +For security-related issues, please contact our security team at: +- **Email**: security@galxe.com +- **Subject Line**: [Security] Bug Report - [Brief Description] + +### What to Include + +When reporting a security vulnerability, please provide: +- Detailed description of the vulnerability +- Steps to reproduce the issue +- Potential impact assessment +- Any proof-of-concept code or screenshots +- Your contact information for follow-up + +### Response Process + +1. **Acknowledgment**: We will acknowledge receipt of your report within 48 hours +2. **Investigation**: Our security team will investigate and validate the report +3. **Resolution**: We will work to resolve confirmed vulnerabilities promptly +4. 
**Recognition**: Valid reports may be eligible for recognition in our security acknowledgments + +## Scope + +Our bug bounty program covers: +- galxe.com and its subdomains +- gravity.xyz and its subdomains +- Mobile applications +- API endpoints +- Smart contracts + +## Guidelines + +- Test only on your own accounts or with explicit permission +- Do not access or modify data belonging to other users +- Do not perform attacks that could harm our users or services +- Do not publicly disclose vulnerabilities before they are resolved +- Follow responsible disclosure practices + +## Out of Scope + +- Social engineering attacks +- Physical attacks +- Denial of service attacks +- Spam or content injection issues +- Issues requiring physical access to user devices + +For general support or non-security related issues, please use our regular support channels or community forums. + +Thank you for helping us keep Galxe secure! \ No newline at end of file
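Review bot: The page title and the Scope section ("Our bug bounty program covers:") promise a bounty, but Response Process step 4 only says valid reports "may be eligible for recognition in our security acknowledgments", so a researcher cannot tell from this page whether any reward exists. Either state the reward terms (severity tiers and payouts, or an explicit "recognition only") or rename the page to a vulnerability disclosure policy, so that it answers the question in #59 directly. In the same hunk, the Scope entries "Mobile applications", "API endpoints" and "Smart contracts" name no apps, hosts, chains or contract addresses, which leaves reporters guessing what they are authorized to test; list the concrete assets or link to where they are listed. The Guidelines ask reporters not to disclose "before they are resolved", while the Response Process only commits to resolving "promptly"; add a target timeline and a safe-harbor statement for research that follows the Guidelines. The report channel is a plain email address even though "What to Include" asks for proof-of-concept code, so consider publishing an encryption key or a secure submission form alongside it. The file also ends without a trailing newline.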