Parallax is a security-critical project. If you discover a vulnerability, please do not open a public issue.
Instead, report it responsibly via email to: security@parallaxprotocol.org
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We aim to acknowledge reports within 48 hours and provide a resolution timeline within 7 days. Critical vulnerabilities will be prioritized.
This policy covers the Parallax CLI client and its dependencies. It does not cover third-party applications built on Parallax.
We follow coordinated disclosure. We will work with reporters to agree on a disclosure timeline after a fix is available.