Security at Seedify

At Seedify, security is a top priority. Our comprehensive security program spans organizational, operational, product, and application security—providing a holistic approach across all business operations and products. We adopt industry best practices and modern Web3 security mitigations to ensure robust protection. To reinforce this, our smart contracts are rigorously audited by trusted firms such[Certik]and[Hacken].

Seedify’s dedicated security team holds decades worth of experience from big tech and web3 with certifications ranging from OSCP, OSCE, Security+, ISC²’s CC, OSWE, and Encode Club Advanced Solidity.

For inquiries, contact [email protected]

Bug Bounty Program

The Bug Bounty Program encourages ethical hackers and security researchers to identify and disclose vulnerabilities responsibly. Qualifying reports are eligible for rewards.

Scope

The program focuses on vulnerabilities with significant business impact, including, but not limited to:

• Smart Contracts: Issues affecting functionality, security, or trust.
• Non-Trivial Web Vulnerabilities: High-risk exploits impacting user or system security.
• Broken Access Controls: Unauthorized access to restricted areas or sensitive data.

If your finding is pertinent, Seedify possesses the acumen to appreciate and address your work seriously.

Out of Scope

Reports involving the following are not eligible:

• Iframe Injection: Low-risk iframe-related findings.
• TLS Certificate Versions: Issues regarding non-critical protocol support.
• HTTP Security Header Omissions: Missing headers like X-Frame-Options or Strict-Transport-Security.

Reports generated from scanner templates are likely to have already been addressed.

Responsible Disclosure Policy

To qualify, reports must meet the following criteria:

• Email: Email the report to [email protected]
• Private Submission: Public disclosure prior to remediation invalidates a report.
• Proof of Concept (PoC): Reports should include a PoC demonstrating impact.
• Denial of Service (DoS): Testing must not involve intentional service disruption.

Failure to adhere to the policy may disqualify the report from rewards.

Rewards

Rewards are issued after vulnerabilities have been validated and resolved. The amount is determined based on the exploitability and impact of the vulnerability and is reviewed by the security team and internal stakeholders. Final approval of rewards rests with leadership.

PGP Key

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGdJkYwBDADrW2SAEFqsf0854TEpMj2y2P4cNWfVG3oaZkDNhTr+35PWqvWP
f/uEQ9rFhp2HA08TKpgY7pCEkI8FmLzpOydJiORxdLYZHWlcG2XxmvvICErd2XD/
sZCgd+jGX6c04X+zkxGvTG3VZ2VBEQCtC8JWbK+rFKoLSWVU3Vq0o/V7tEYXA6is
N7blKqVeAJZsaIgZWfk/97RaLI7amjDUCs0Vur23tl0QUsC6XZaE4aiTbKVcJNbe
AN6IXTqXn4YzB3KqFSRWYwsAGMWPS8Fleqq2v4+4VjA35bcvY9WrzyOk4+yRdltq
3AXitssF0KBlJIYc8eapZD6rI4ZOxmMHphP9a8viCJytKRr7n1ACP2ubAqUUO7mT
KTad+Al/CnVEIDp611j6/fQb1WnQR35JTb/BxzPhSkRml3Ys+9cBj3xsaFmMo7si
Z63xkh3NCGcyuzpb8dakMxVC0JGkc9CEjmOywzgey5LGXPM7xhwqoJrZRx+6zAe4
JcJG0i9OgnNBnVkAEQEAAbQoU2VlZGlmeSBTZWN1cml0eSA8c2VjdXJpdHlAc2Vl
ZGlmeS5mdW5kPokB1AQTAQoAPhYhBG60dT/QlDxxzEpEwZiv7pPI56jpBQJnSZGM
AhsDBQkFo5qABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJiv7pPI56jpNyAL
/iapX1zBLEKy7IEuAhgeFYfho8m/LgMburu92fUJqcGQSEq0KSZAkBMRUZHc8y9p
bXx7Qybmu6tHAPsI/OEcCfiRqVa1QloJqiDRASOCuxedUGTy80GfzhIUXkiN91Oj
oqVH/sHIFpldk433uym6su4HunpsUqLehCjMN1dSExsc+4M0josShfogXbtgDWQ4
seOZpikQFWnu97JxXDIhVAxhOov7RASW7xpczb2kyonryYeCjAzXnZww1ENVhlnZ
jbCie0nJ+EPw+HCAGLKZCGYrDrNrXxGNqU9yhcl9m0vI6LG3r2Lc0Ufz3+EpRwkX
WOtHIDcfl+0/uSeEA0EsJEc+vcNlKOUVTZAVxB6wIqPTwWszYtJJLPJFdqESsU8U
1yxlKiVZQ7bOJisM1kI+6ZDKDuQmMg/6yn9drbqE7vNnSM0TAuor3ECWWjWi1MCd
/y/FzzsKAPPA1Y94qTBHdA1m7NtyivN3LnGuJhu0iHWVzOvtoHWRpZ4AbDBgKUXD
mbkBjQRnSZGMAQwA3X/0xDl7VFt9W3BHjt1URCUxGIC+P+50gXRLRfD3VNRt61wn
kmQXrX69s3uNM6Gyq/bs5i2pYx73Agt53jwqxRMQE7/zQ2dqm30Gu4yQ3k93CBHD
RbQlezvMQ0XmnLaO/0xe+XKSyMylKAYoidOuHCsKSjGfzci0RYGvYNdrJdWxjtGC
bv/4iYoyy9Lp78ZwXhykSMXt0l43vW8ATwDhgM6opke4kXXX2lTBARCK7ry6R0vp
pMA0PE33/euS3oCzfhwa7HQPEEwm0KnbaNjmtV5srqV6kkpTnJPdhpo8BWDzwqIv
DRjgyFa091pG+p/TutEgKCxI3G9pYoj2we2OXsmFTS6FaWZFzFXtKIMJTPc/OQfW
wMNstumeuDxeElbwgPc354xtvomlzXhOfTus9P11ADiuNpHBxY7DM5F5yqHyj+BY
+Q+azifrYD5Wwj1FEhMMe0oY4MQOp/RCsJxi8hiObpkqSC1WldWkhHIoVdPDPE5m
18uSH1yTZ2Sb/olXABEBAAGJAbwEGAEKACYWIQRutHU/0JQ8ccxKRMGYr+6TyOeo
6QUCZ0mRjAIbDAUJBaOagAAKCRCYr+6TyOeo6Wd4DADE3WReAVBzfU4YijmnDsAY
O/zOYNRiMS8MW7/hZ//yLfRPfiI41mNbc83EtGkV5URfCcHFiA0YHOa6/UwlZ50I
BPnno4JF6lkh2kSHmbqzbtD5clGVR429TI585w90/RETfxF6fWKaRLgOFB6hU2/b
uq59s2GA9bP7XU+6NXVGdQoZuOC3/cOGOFDZ1/B1guMQlIJycQu6Fs5PX/n08WYb
LcPy6TZWxP5Yy6EgKVogvAGwrHPJZh6CFhITnZt2zCkQeoML/A/GnCswUT7ExGjA
daC6k1CKXAFVqKiLoZVqO077jFk5XcCSaHsI4lJRkOBLEyQK1Q9XAplZf+W4EaZd
dS4bj2wCvfpaDPYcmaFWmfgvfXJLRmPlrWdOCsOYUHYDssS4TyeGPjTpB0xTTnot
Lbw7nh6yC1apaLnJFQou9IbnSR3vSnR6zKC+W+9D63U9zverawGXIV0wV7qfZsWj
QIk0Mkvterc1xInhlwDvKNnIRTNnm/t7DduNl/rYSwc=
=G5of
-----END PGP PUBLIC KEY BLOCK-----