Vulnerability disclosure
CashXChain values responsible security research.
Report a vulnerability
Send security reports to:
Include:
- A clear description of the issue.
- Steps to reproduce.
- Impact assessment.
- Affected endpoint or page.
- Screenshots or logs if helpful.
- Your contact information.
Rules of engagement
Do not:
- Access, modify, or delete data that is not yours.
- Test against real customer payment flows without authorization.
- Perform denial-of-service testing.
- Use social engineering.
- Exfiltrate secrets or customer data.
- Publicly disclose before CashXChain has reviewed the report.
Safe testing
Use sandbox whenever possible. If you believe a production issue exists, report it without exploiting it beyond what is necessary to demonstrate impact.
Response
CashXChain will acknowledge valid reports, investigate, prioritize remediation, and coordinate disclosure where appropriate.