> For the complete documentation index, see [llms.txt](https://docs.mineglyph.xyz/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.mineglyph.xyz/security/responsible-disclosure.md).

# Responsible disclosure

If you find a security vulnerability in Mine Glyph — in the contracts, the indexer/signer service, or the frontend — we want to hear about it before it is exploited.

## How to report

* **Email:** <security@mineglyph.xyz>
* Include enough detail to reproduce: affected component, steps, impact, and (if possible) a proof of concept.
* Please encrypt sensitive details if you can, and give us a reasonable window to respond before any public disclosure.

## Scope

**In scope**

* `GlyphToken` and `GlyphMining` contracts (logic, access control, accounting, the supply cap, signature verification).
* The indexer/signer service (signature handling, hashrate computation, key exposure, injection, auth).
* The frontend (XSS, transaction-construction issues, address spoofing).

**Out of scope**

* Anything requiring a compromised user device or wallet.
* Social engineering, phishing of users or team members.
* Denial of service from raw request volume, or issues in third-party infrastructure (RPC providers, hosting, the underlying chain).
* Already-documented trust assumptions (e.g. that the signer key is trusted, or that the admin can mint before renouncement) — see [Security model](/security/security-model.md).

## Our commitment

* We will acknowledge a valid report and keep you updated on the fix.
* We will not pursue legal action against good-faith research that respects this policy and user privacy, and that does not degrade the service or destroy data.
* Where a bug bounty is active, qualifying reports may be eligible for a reward; terms are announced through official channels.

## Please do not

* Exploit a vulnerability beyond what is needed to prove it.
* Access, modify, or destroy data that is not yours.
* Publicly disclose before we have had a chance to remediate.

Thank you for helping keep miners safe.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.mineglyph.xyz/security/responsible-disclosure.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
