# Security Policy

We consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

## Reporting Security Issues

**DO NOT** report security vulnerabilities through public GitHub issues. Instead, please use one of the following means of communications to report it to us:

1. Report through our Linea [Immunefi program](https://immunefi.com/bounty/linea/) or
2. Email us at [security-report@linea.build](mailto:security-report@linea.build) with details about the security issue.

Please provide the following details in your email:

- Description of the vulnerability
- Steps to reproduce the vulnerability
- Versions affected
- Any potential mitigations or workarounds you've identified

## Responsible Disclosure Security Policy

A responsible disclosure policy helps protect users of the project from publicly disclosed security vulnerabilities without a fix by employing a process where vulnerabilities are first triaged in a private manner, and only publicly disclosed after a reasonable time period that allows patching the vulnerability and provides an upgrade path for users.

When contacting us directly via email, we will do our best efforts to respond in a reasonable time to resolve the issue. When contacting a security program their disclosure policy will provide details on time-frame, processes and paid bounties.

We kindly ask you to refrain from malicious acts that put our users, the project, or any of the project's team members at risk.

### Risk Disclosures

Linea risk disclosures can be found at:

- Linea docs - [https://docs.linea.build/risk-disclosures](https://docs.linea.build/risk-disclosures)
- Linea Immunefi program - [https://immunefi.com/bounty/linea/](https://immunefi.com/bounty/linea/)

## Scope

This security policy applies to the code, libraries, and configurations within this repository. This includes any code or components that are part of the repository or its dependencies.

## Previous Audits

- Plonk Verifier https://consensys.io/diligence/audits/private/re9fdlhtjn7jfr/
- Message Service & Rollup: https://consensys.io/diligence/audits/private/zxi4edywq3d1zr/
- Canonical Token Bridge: https://consensys.io/diligence/audits/private/nzqt1bai7j8ryf/