The Rootstock team and community take security bugs in rootstock seriously. Beside this project is out of our Bug Bounty Program scope, we appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
For all security related issues, the tokenbridge team has two main points of contact. Reach us at security@rootstocklabs.com or use the GitHub Security Advisory "Report a Vulnerability" tab.
The Rootstock team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
Ensure the bug was not already reported by searching on GitHub under Issues.
Follow our disclosure guidelines.