This repository contains documentation and public technical references for Eormc Exchange. For platform security issues, refer to the reporting process below.
If you discover a security vulnerability related to Eormc Exchange's platform, API, or infrastructure, do not open a public GitHub issue.
Report it directly to our security team:
Please include:
- A clear description of the vulnerability
- Steps to reproduce or proof-of-concept (if applicable)
- Potential impact assessment
- Your contact information (optional, for follow-up)
| Stage | Timeframe |
|---|---|
| Acknowledgement | Within 48 hours |
| Initial assessment | Within 5 business days |
| Status update | Within 14 business days |
| Resolution (critical) | As soon as possible |
In scope:
- Eormc Exchange platform and trading infrastructure
- API endpoints (REST / WebSocket)
- Authentication and account security mechanisms
- Fund custody and wallet infrastructure
Out of scope:
- Third-party services and integrations
- Social engineering attacks
- Physical security
- Issues already publicly disclosed
Eormc follows a coordinated disclosure model. We ask that you give us reasonable time to investigate and remediate before any public disclosure. We commit to keeping you informed throughout the process.
We do not currently operate a formal bug bounty program, but we recognize significant contributions at our discretion.
For non-security inquiries: eormc.org