Responsible disclosure
Official policy for reporting security vulnerabilities affecting MISAKA websites, linked infrastructure, and protocol-related smart contracts.
Scope
This page covers trust.misakachain.com — the canonical location for vulnerability disclosure and bug bounty information. The public MISAKA hub remains misakachain.com.
How to report
Email contact@misakaminer.com with a clear subject line. Include steps to reproduce, affected components, and your assessment of impact. If you believe a vulnerability is actively exploited, say so in the first line.
contact@misakaminer.comIn scope (examples)
Authentication or authorization flaws on official sites; misconfiguration that could lead to loss of user funds; critical issues in published smart contracts tied to the MISAKA mint and staking programs; dependency or supply-chain issues on our deployment surfaces.
Out of scope (examples)
Social engineering, spam, or theoretical issues without a practical exploit; vulnerabilities in third-party wallets, DEXes, or block explorers; denial-of-service against public RPC endpoints without a clear protocol impact; issues already reported or fixed in a pending release.
Bug bounty
A formal reward schedule and platform integration may be announced later. Until then, we triage good-faith reports and may offer recognition or compensation at our discretion. Do not demand payment before disclosure.
Safe disclosure
Do not access or exfiltrate user data beyond what is necessary to demonstrate the issue. Do not perform destructive testing on mainnet. Do not disclose publicly until we have agreed on a timeline or a reasonable grace period has passed.
Contact
For general inquiries, use the contact page on misakachain.com. For security-sensitive reports only, use contact@misakaminer.com.
Open Discord