Security: heyJonBray/xeon-v1-core

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in Xeon Protocol, we encourage you to report it to us as soon as possible. We will handle your report with the highest priority and confidentiality.

Please email your findings to jon@xeon-protocol.io or send a DM on Warpcast. Include as much detail as possible to help us understand and reproduce the issue. If applicable, include a link to, or the hash of, any relevant onchain transactions.

Response Expectations

  • Acknowledgement: We will acknowledge receipt of your report within 48 hours.
  • Initial Triage: We will complete an initial assessment of your report within 5 business days.
  • Resolution: We will work to resolve the issue as quickly as possible, keeping you informed of our progress.
  • Reward: If the findings are eligible for a reward, we will reach out for a receiving address and process payment within 5 business days after resolution.

Bug Bounty Program

Portions of our codebase are subject to the Xeon Protocol Bug Bounty (the "Program") to incentivize responsible disclosure of vulnerabilities. We are offering XEON token rewards for submissions that meet eligibility criteria.

More details can be found here.

Security Updates

To stay informed about security updates, follow us on Warpcast and X. Additionally, we publish regular articles on our Paragraph Newsletter.

Security Practices

We are committed to ensuring the security of our platform and follow best practices, including:

  • Regular penetration testing
  • Open-sourcing public contracts
  • Continuous dependency management
  • Proactive vulnerability scanning

Thank you for helping us keep the Xeon Protocol secure.

There aren’t any published security advisories