docs: security assumptions #288

Merged
merged 6 commits into from
Oct 6, 2024
smol-ninja
Member

Closes #268

@smol-ninja
Member Author

Should I add a bug bounty similar to Lockup?

@PaulRBerg
Member

Yes.

@smol-ninja
Member Author

smol-ninja commented Oct 6, 2024

  • I have mentioned the starting date for the bug bounty as Dec 1, 2024, since our audits will be done by then.
  • While reviewing, the main focus can be on the "Assumptions", as most content is similar to Lockup.

Member

@andreivladbrg andreivladbrg left a comment

I think we should include more Flow-related points in the Assumptions section.

One suggestion could be: "Sablier holds no responsibility if the sender doesn't deposit sufficient funds for the recipient on time. This is a matter for the involved parties to resolve, as we simply provide the platform for tracking debt."

wdyt? @smol-ninja

@smol-ninja
Member Author

smol-ninja commented Oct 6, 2024

> Sablier holds no responsibility if the sender doesn't deposit sufficient funds for the recipient on time. This is a matter for the involved parties to resolve, as we simply provide the platform for tracking debt

How is it relevant to the security assumptions? I think these are more relevant to user docs, which will be hosted on the docs site.

@andreivladbrg
Member

> How is it relevant to the security assumptions? I think these are more relevant to user docs which will be hosted on docs site

IMO it is relevant to mention this to auditors as an "Assumption", but I agree, it would be better to place it in the docs 👍

Member

@andreivladbrg andreivladbrg left a comment

r_downey_thumbs_up

@andreivladbrg andreivladbrg merged commit 5bbe0f4 into main Oct 6, 2024
7 checks passed
@andreivladbrg andreivladbrg deleted the docs/security.md branch October 6, 2024 15:50
@PaulRBerg
Member

Agree with @smol-ninja, senders not paying their debt is not a matter of losing funds but of offchain agreements between users.

Successfully merging this pull request may close these issues.

Add SECURITY.md