Last updated March 15, 2023
Bluefin is committed to ensuring the security of the public by protecting their information. This policy intends to explain our preferences for how security researchers should submit vulnerabilities identified by us, as well as to provide them with clear standards for completing vulnerability discovery activities.
This policy outlines the systems and categories of research that fall within its scope and how to disclose vulnerabilities to us.
Please get in touch with us if you discover any potential system flaws.
In accordance with this policy, "research" refers to activities in which you:
You must halt your test, let us know right away, and keep this information to yourself if you've found a vulnerability or come across sensitive data (such as personally identifiable information, financial information, or intellectual information or trade secrets of any party).
The following test methods are not authorized:
Any vulnerability not previously disclosed by us or our independent auditors in their reports.
If you believe you’ve found a security vulnerability in one of our contracts or platforms, send it to us by emailing [email protected]. Please include the following details with your report:
If you follow these guidelines when reporting an issue to us, we commit to:
Questions regarding this policy may be sent to [email protected]. We also invite you to contact us with suggestions for improving this policy.
i) The platform is not available to United States residents
ii) All assets on Bluefin involve a degree of risk and may result in partial or total loss of your investment
iii) Sub-second settlement does not incorporate network latency or congestion