The Security Policy on Evmos includes a vulnerability disclosure policy and guidelines for reporting vulnerabilities in the Evmos ecosystem. It explains the process for reporting and disclosing vulnerabilities through the use of the Evmos Security and how the Evmos team handles and resolves reported vulnerabilities. The contents of the policy help avoiding privacy violations and keeping information confidential. Also included are commitments from the Evmos team, such as not pursuing legal action and working with researchers to disclose issues in a timely manner. The disclosure process includes steps for verifying and confirming reported vulnerabilities, determining their potential impact on the Evmos platform, and patching and disclosing the vulnerability to the public. The payment process for reported vulnerabilities is also outlined and instructions for contacting the Evmos Security Team are provided. For more information, visit the Security Policy documentation sites:
Additionally, Evmos has a Simple Arrangement for Funding Upload (SAFU). The SAFU is a simple yet extensible way to specify a post-exploit policy for whitehats, particularly rewards and distributions. For more information, visit the SAFU section.