Joystream Handbook


Security related resources and information.

Vulnerability Reporting

To report issues in a responsible manner, please send to "security" on domain "", and encrypt the message, this is however not a support channel.
The following GPG keys may be used to communicate sensitive information to relevant developers, in particular concerning the runtime and blockchain, but also other critical infrastructure and applications. These recipients will relay the message securely to whomever is the maintainer at any given time.
Joystream Hande
You can import a key by running the following command with that individual’s fingerprint: gpg --keyserver hkps:// --recv-keys "<fingerprint>" Ensure that you put quotes around fingerprints containing spaces.

Bug Bounty

Coming soon.

Security Audits

Two runtime audits have been conducted so far