The QRL team encourage responsible security investigation and reporting.
What to report
Contact us if you have discovered security issues in any of the following:
- QRL protocol design and implementation
- Services deployed by the QRL team
- QRL network and infrastructure
If in doubt, send a report.
How to report
To report a security issue send an email to security@theqrl.org
Consider encrypting your message using the PGP key embedded below.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
| -----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFxoWCoBEAC+MluHOjH1EcEpGPO3N5i+zSGXwnLyz5ACQeU6GPxpXStlFc5V
GLNw70gtp7hBdVsCcmL6MVDMmvlUWqQ6bT0ED3Jt08yVmM340rUG19N2DvK7eFYT
6+8mst+WH0xh/1M1xSZC3tfQpLtVe8rQmkLfVjW6K677VNChS16vy0697UiWwWXm
Mf+XH6aV7WAcPqY97IyawEhdA6l960RZdnZlZhpOSrhMBPi0/abCp/A+jxXxRJ4A
aKIe2zTJ9/NFoRGgj+VytIVXYRg229Bihq0Vc2QNqgnuQxtHpVecXvde7sfBNpsk
effI0sLSRIUXxlN5/t85Vvm8XgOLZBRONr9wN90nLCSGvaNZFiBH4T72SyfwhTUF
Abo9cCCGof+/FDw6ITAdTU1YxUQNsvcbStGu9qvthxGAD+rdnL/FgPCLn4riyImi
VUlre8jhs62bh7kBMLWFt0OE8epVeQbS5E/0gLHHMmeTzHcBAy0nZ8lBzWwkwsbX
yN1gC+hPs4jqu3cJFD1S/5aEfe7uatedIevImW+nU7WoGIc1a9s7vSbNLVCkoeLq
i2x0vw3rNVg/4u5pHWgh0930EL9s6wTnMe8ZfEYaVjzpbZqfyRaCaRpyyAe0mU81
fYx4hFpr3AD1ALWM0Bnm68DQOhZlQz+u/yF93gQ4Qum6FUSBMNU1eVKpbQARAQAB
tCNTZWN1cml0eSB0ZWFtIDxzZWN1cml0eUB0aGVxcmwub3JnPokCVAQTAQoAPhYh
BLA1lB0arakj62Hy6xR2Imm/3RHzBQJcaFgqAhsDBQkHhh+ABQsJCAcDBRUKCQgL
BRYCAwEAAh4BAheAAAoJEBR2Imm/3RHznFMQAKMVefAf797BhDkVoQkkAlkr8uSq
6jlvceUW+lt7jiYkYCZHeRmipyEXwNqfw7T6+r2awixgDvnOtqyG4j7aq957uXWv
wIjcF9vm1lGOFMLZ49ZqnZqggQ7/9ckMevg3Labqw9x9TI/bhVbkBFVDpaQd5tFR
fjy16tqGN6DTgU+El30KE2zUQ0M48VmNPoKCYBcuV1fadkkKajWIA6ei6swoKKQV
PyLx9CNeLtH/fQ0jTki+oSuzvdWTYpQsltK7zkyDUpc7qKzDvISp5ER5v/j9pAlE
CqdfgNTh/ebcgzJ10mZ181sE5F6Z0Xixm89l8i96iUyuK76qb3Sbc+2/PQvE/PQX
xi7Sz3Ay2cujgIc1Cp+piW114fctA49JnAzCrI6t2MyS1PHx9gIw0VlWYxYLscI2
GEAVtKgW3vsl/gakDNfx2895UwD8f+31/RNTCZqZYp6Tocpf/VlVSoTjuYD8c6Cc
0SJ4bgZFMPMJ0sGNBlGtz+ZVb2e9kaHj6XC3y9nLdPOglfPc+8WF3l4ROLD9rpqG
t9erkTOn9bo0tuys8cJJiKYCpaQM2Qg1ZvOC+PyHFburWWAaU7mdVh+Ct/XWNbLE
OIlGAnMMsYSpCrgOBssIKj2vR/mos8OGp5c5L7liCkhexWnsCZmXQH2cJJegCMns
gmLy0ZpOfC8yumXtuQINBFxoWCoBEADPVF20365DS+JU5vQJucttbhlNaVGDbBUl
1EwU6ZymLMp3/hUv68RokmhyIZP32YCz+ezDCZqE2IX+w5TuG/h3/zZtSKVA6+Ze
EX+d8Iq+QwykEEUrwbjlWODzCuJZ4qzwH52Kg0RrGzRYiWsjG4vI0SJ7OL+R7uai
hrzOQixnH37atKrU143Z4SBtzQuxzmllGQOO72cGOvF39qmzvatd1OgX6GEw0TE5
pO5b80mLlsBg0TlzO/Ukk51difHx7nHhyJY1Q4RoqiQG+M6VEtKuefRh7lpobdet
Q35ubfW1m+EzoSRNOtiDAcgQNb4ejBfIS24On/2m7jrXzu42B08cRO4MbE6wYpgv
MmPONeqk8grB/3dOwRros4AT4CFSLFylbyI5lHHlShoeivKNS3nSoQIGH51PQFvq
QLPfKP7dYLXxf2d7w+5lrtogyp1Sr2Prn5gZ61GXirqprwEmTL+bzsKFuw3dewbr
Mv0xFD9TLvgAXXdmvwy6Y1wkNHsuufoX42EklehwwxDyeeIXKihPR8uuMtb6hOy5
tETJF5ZCi5Kg0hjvJvo9ewUjmq+sXtDYqO59NdPXXZQ7JElGyucnCRuv2h2onSGG
W5gkoly5AIHg8Y8zB0RHA2Ag2IHwSMInbGZ6lGlQaZftXUOhTlZ4OFoPJOEcIemU
VLI87sTqMQARAQABiQI7BBgBCgAmFiEEsDWUHRqtqSPrYfLrFHYiab/dEfMFAlxo
WCoCGwwFCQeGH4AACgkQFHYiab/dEfP24Q/4nEC4xKNQlsUqkwK0BsASEocKelc5
zKpnl0s81l4TPWI9LDqIt6C7jsMZ5ZLthD+HCfDlNpL24x6JZHstF/+ao3Ujc2Dd
K15cBfPwMIk7lhKdK4+V9AFQnNtLL1IfRawafsjQ/6liZpDZd0PWiYfAozr+unAD
lxUn3Bv1hkWxzegZMMgJ6hu5/OnQ7wV87mJ68R7CtZMiNM92iNXGF8AxOLab/iXN
amfyBmivoriDcFJkTypcSkXCNc/OePGR36DaNZ9OG1fIYsxnqzicpZUZYUXUrPdl
nLJB4i8a0bVn0Je+n6QgbJIu87MnUlIhA6ZIxo2xFt+jwKBlVUdva1n1YJnGeHCL
6MqV0FJyNck+hB1/iu2xevp2nWaeYghXenKbrSzuc+3ueFdnxMwVeJ7WnpXs/pJo
1a0floc9sAniDU05uEQyrm0RjsIhuxBd2fgNtck3KL4NaLWnA2mUgRme5RMY1tKg
0lJ4hjgz3pSWpA0KvhGITzsWyUVB4xRTgAHPTsE2hTf95aMcHCaabc0E7m2E1VhL
9qvdk13cXb87zIaHkMJ7XZn1OrhpQ0rpKuM+NiwhzxxPPuJWGEQunGoPMjhBLgtE
kqHF5I0jMU2WqRyi6nskcPKN9aXglR0C7nogscBwW0BgMa+baUZB/DJSqx1hARsh
vjMzwZI8HPGr3w==
=d7QU
-----END PGP PUBLIC KEY BLOCK-----
|
To facilitate reproduction of reported issues, we encourage you to include the following information if possible:
- Description of the issue
- Description of the issue’s potential security impact
- The affected resource. e.g. URL, GitHub code snippet, transaction
- Ideally a proof-of-concept that demonstrates the issue
Our process
Upon receiving your report, the QRL team will assess the issue and reach out to ask for additional information and/or provide assessment.
Any reported security issues may be eligible for rewards under the terms of The QRL Bug Bounty Program.