At ModeSpray, we take security seriously and are committed to protecting our users. We appreciate responsible security researchers who help us identify and fix vulnerabilities in a responsible manner.
If you believe you have found a security vulnerability in ModeSpray, we encourage you to report it as soon as possible.
- How to report: Please create a GitHub Issue in our repository: GitHub repo link.
- What to include in your report:
- A clear explanation of the vulnerability.
- Steps to reproduce the issue.
- Any potential security impact.
- Any suggested fixes, if applicable.
🚨 Only issues that allow unauthorized token extraction or transaction execution without user consent are considered critical. ModeSpray is a community-driven project, and all users are responsible for their own security.
- Act in good faith and responsibly.
- Do not exploit, leak, or use the vulnerability for malicious purposes.
- Do not conduct attacks that could harm users, including DoS, social engineering, or phishing.
- Do not demand payment, blackmail, or threaten legal action.
- We will acknowledge the report within 48 hours.
- We will investigate the issue and, if valid, work on a fix.
- We will credit the researcher (if they wish) after the fix is deployed.
At this time, ModeSpray does not have a bug bounty program. While we appreciate responsible reports, we do not offer financial rewards.
- Unauthorized access, modification, or disruption of services may be illegal.
- We do not tolerate extortion, threats, or blackmail related to security reports.
- Any unethical behavior will be reported to the appropriate authorities.
Thank you for helping keep ModeSpray safe for the community! 🙌