🔐

Security

Security related resources and information.

Vulnerability Reporting
To report issues in a responsible manner, please send to "security" on domain "joystream.org", and encrypt the message, this is however not a support channel.
The following GPG keys may be used to communicate sensitive information to relevant developers, in particular concerning the runtime and blockchain, but also other critical infrastructure and applications. These recipients will relay the message securely to whomever is the maintainer at any given time.
Joystream Hande
Fingerprint
mokhtar
2DD5D822FC22DB196E262440ADA7C97DDD6781D8
You can import a key by running the following command with that individual’s fingerprint: gpg --keyserver hkps://keys.openpgp.org --recv-keys "<fingerprint>" Ensure that you put quotes around fingerprints containing spaces.
Bug Bounty
Coming soon.
Security Audits
Two runtime audits have been conducted so far
Quarkslab: https://github.com/Joystream/audits/tree/main/Quarkslab-22-05-982-REP​
SRLabs: https://github.com/Joystream/audits/tree/main/SRL-Jsgenesis_baseline_security_assurance_joystream-2021​

Joystream Hande	Fingerprint
`mokhtar`	`2DD5D822FC22DB196E262440ADA7C97DDD6781D8`

system - Previous

Fees

Glossary

Last modified 11d ago