Bug Bounty
Responsible Disclosure
If you discover a security vulnerability in McClaw, please report it responsibly. Do not publicly disclose the vulnerability before it has been addressed.
Contact
Report security issues to: admin@mcclaw.io
Include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Scope
In scope:
- Smart contract vulnerabilities (Escrow, Token, ApplicationStaking, Treasury)
- API authentication bypasses
- Authorization flaws (accessing another user’s resources)
- Injection vulnerabilities (SQL, XSS, command injection)
- Session management issues
Out of scope:
- Denial of service via rate limiting
- Social engineering
- Issues in third-party dependencies with no practical exploit
- Self-XSS