Security vulnerabilities should be disclosed to the project maintainers through [Cantina], or alternatively by email to security@infrared.finance.

Responsible disclosure of security vulnerabilities is rewarded through a bug bounty program on Cantina.There is a bonus reward for issues introduced in release candidates that are reported before making it into a stable release.

Security vulnerabilities will be patched as soon as responsibly possible, and published as an advisory on this repository (see [advisories]) and on the affected packages.Projects that build on Infrared Finance Contracts are encouraged to clearly state, in their source code and websites, how to be contacted about security issues in the event that a direct notification is considered necessary. We recommend including it in the NatSpec for the contract as /// @custom:security-contact security@example.com.Additionally, we recommend installing the library through appropriate package managers and setting up vulnerability alerts such as [Dependabot].

Blockchain is a nascent technology and carries a high level of risk and uncertainty. Infrared Finance makes certain software available under open source licenses, which disclaim all warranties in relation to the project and which limits the liability of Infrared Finance. Subject to any particular licensing terms, your use of the project is governed by the terms found at https://infrared.finance/terms (the "Terms"). As set out in the Terms, you are solely responsible for any use of the project and you assume all risks associated with any such use. This Security Policy in no way evidences or represents an ongoing duty by any contributor, including Infrared Finance, to correct any issues or vulnerabilities or alert you to all or any of the risks of utilizing the project.