Producing software inherently comes with risks. All software, especially new releases and substantial code re-writes, have a higher probability of producing bugs during production and initial release. To combat this, the ARK team has introduced modern testing methods, higher test coverage, a custom developed e2e testing framework and increased the availability for testing on our Development Network before the releases. Despite all of that, no one can catch every potential issue.
Instead of shying away from exposing security vulnerabilities, Ark encourages academics, researchers, hobbyists and community members to find and disclose critical errors and bugs.
As an open-source, distributed network, we need to handle updates and critical errors more carefully than a traditional tech company:
Due to these reasons, we cannot simply put a deadline on the public disclosure of a vulnerability. Some may be fixed in a few hours to days; others must be researched for months before being published.
Do not contact any individual Ark team member, Delegate or community member if you suspect you have found a vulnerability. Contact us at email@example.com and include: