Security at Seedify

At Seedify, security is a top priority. Our comprehensive security program spans organizational, operational, product, and application security—providing a holistic approach across all business operations and products. We adopt industry best practices and modern Web3 security mitigations to ensure robust protection. To reinforce this, our smart contracts are rigorously audited by trusted firms such[Certik]and[Hacken].

Seedify’s dedicated security team holds decades worth of experience from big tech and web3 with certifications ranging from OSCP, OSCE, Security+, ISC²’s CC, OSWE, and Encode Club Advanced Solidity.

For inquiries, contact [email protected]

Bug Bounty Program

The Bug Bounty Program encourages ethical hackers and security researchers to identify and disclose vulnerabilities responsibly. Qualifying reports are eligible for rewards.

Scope

The program focuses on vulnerabilities with significant business impact, including, but not limited to:

• Smart Contracts: Issues affecting functionality, security, or trust.
• Non-Trivial Web Vulnerabilities: High-risk exploits impacting user or system security.
• Broken Access Controls: Unauthorized access to restricted areas or sensitive data.

If your finding is pertinent, Seedify possesses the acumen to appreciate and address your work seriously.

Out of Scope

Reports involving the following are not eligible:

• Iframe Injection: Low-risk iframe-related findings.
• TLS Certificate Versions: Issues regarding non-critical protocol support.
• HTTP Security Header Omissions: Missing headers like X-Frame-Options or Strict-Transport-Security.

Reports generated from scanner templates are likely to have already been addressed.

Responsible Disclosure Policy

To qualify, reports must meet the following criteria:

• Email: Email the report to [email protected]
• Private Submission: Public disclosure prior to remediation invalidates a report.
• Proof of Concept (PoC): Reports should include a PoC demonstrating impact.
• Denial of Service (DoS): Testing must not involve intentional service disruption.

Failure to adhere to the policy may disqualify the report from rewards.

Rewards

Rewards are issued after vulnerabilities have been validated and resolved. The amount is determined based on the exploitability and impact of the vulnerability and is reviewed by the security team and internal stakeholders. Final approval of rewards rests with leadership.

PGP Key

-----BEGIN PGP PUBLIC KEY BLOCK----- mQGNBGdJkYwBDADrW2SAEFqsf0854TEpMj2y2P4cNWfVG3oaZkDNhTr+35PWqvWP f/uEQ9rFhp2HA08TKpgY7pCEkI8FmLzpOydJiORxdLYZHWlcG2XxmvvICErd2XD/ sZCgd+jGX6c04X+zkxGvTG3VZ2VBEQCtC8JWbK+rFKoLSWVU3Vq0o/V7tEYXA6is N7blKqVeAJZsaIgZWfk/97RaLI7amjDUCs0Vur23tl0QUsC6XZaE4aiTbKVcJNbe AN6IXTqXn4YzB3KqFSRWYwsAGMWPS8Fleqq2v4+4VjA35bcvY9WrzyOk4+yRdltq 3AXitssF0KBlJIYc8eapZD6rI4ZOxmMHphP9a8viCJytKRr7n1ACP2ubAqUUO7mT KTad+Al/CnVEIDp611j6/fQb1WnQR35JTb/BxzPhSkRml3Ys+9cBj3xsaFmMo7si Z63xkh3NCGcyuzpb8dakMxVC0JGkc9CEjmOywzgey5LGXPM7xhwqoJrZRx+6zAe4 JcJG0i9OgnNBnVkAEQEAAbQoU2VlZGlmeSBTZWN1cml0eSA8c2VjdXJpdHlAc2Vl ZGlmeS5mdW5kPokB1AQTAQoAPhYhBG60dT/QlDxxzEpEwZiv7pPI56jpBQJnSZGM AhsDBQkFo5qABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJiv7pPI56jpNyAL /iapX1zBLEKy7IEuAhgeFYfho8m/LgMburu92fUJqcGQSEq0KSZAkBMRUZHc8y9p bXx7Qybmu6tHAPsI/OEcCfiRqVa1QloJqiDRASOCuxedUGTy80GfzhIUXkiN91Oj oqVH/sHIFpldk433uym6su4HunpsUqLehCjMN1dSExsc+4M0josShfogXbtgDWQ4 seOZpikQFWnu97JxXDIhVAxhOov7RASW7xpczb2kyonryYeCjAzXnZww1ENVhlnZ jbCie0nJ+EPw+HCAGLKZCGYrDrNrXxGNqU9yhcl9m0vI6LG3r2Lc0Ufz3+EpRwkX WOtHIDcfl+0/uSeEA0EsJEc+vcNlKOUVTZAVxB6wIqPTwWszYtJJLPJFdqESsU8U 1yxlKiVZQ7bOJisM1kI+6ZDKDuQmMg/6yn9drbqE7vNnSM0TAuor3ECWWjWi1MCd /y/FzzsKAPPA1Y94qTBHdA1m7NtyivN3LnGuJhu0iHWVzOvtoHWRpZ4AbDBgKUXD mbkBjQRnSZGMAQwA3X/0xDl7VFt9W3BHjt1URCUxGIC+P+50gXRLRfD3VNRt61wn kmQXrX69s3uNM6Gyq/bs5i2pYx73Agt53jwqxRMQE7/zQ2dqm30Gu4yQ3k93CBHD RbQlezvMQ0XmnLaO/0xe+XKSyMylKAYoidOuHCsKSjGfzci0RYGvYNdrJdWxjtGC bv/4iYoyy9Lp78ZwXhykSMXt0l43vW8ATwDhgM6opke4kXXX2lTBARCK7ry6R0vp pMA0PE33/euS3oCzfhwa7HQPEEwm0KnbaNjmtV5srqV6kkpTnJPdhpo8BWDzwqIv DRjgyFa091pG+p/TutEgKCxI3G9pYoj2we2OXsmFTS6FaWZFzFXtKIMJTPc/OQfW wMNstumeuDxeElbwgPc354xtvomlzXhOfTus9P11ADiuNpHBxY7DM5F5yqHyj+BY +Q+azifrYD5Wwj1FEhMMe0oY4MQOp/RCsJxi8hiObpkqSC1WldWkhHIoVdPDPE5m 18uSH1yTZ2Sb/olXABEBAAGJAbwEGAEKACYWIQRutHU/0JQ8ccxKRMGYr+6TyOeo 6QUCZ0mRjAIbDAUJBaOagAAKCRCYr+6TyOeo6Wd4DADE3WReAVBzfU4YijmnDsAY O/zOYNRiMS8MW7/hZ//yLfRPfiI41mNbc83EtGkV5URfCcHFiA0YHOa6/UwlZ50I BPnno4JF6lkh2kSHmbqzbtD5clGVR429TI585w90/RETfxF6fWKaRLgOFB6hU2/b uq59s2GA9bP7XU+6NXVGdQoZuOC3/cOGOFDZ1/B1guMQlIJycQu6Fs5PX/n08WYb LcPy6TZWxP5Yy6EgKVogvAGwrHPJZh6CFhITnZt2zCkQeoML/A/GnCswUT7ExGjA daC6k1CKXAFVqKiLoZVqO077jFk5XcCSaHsI4lJRkOBLEyQK1Q9XAplZf+W4EaZd dS4bj2wCvfpaDPYcmaFWmfgvfXJLRmPlrWdOCsOYUHYDssS4TyeGPjTpB0xTTnot Lbw7nh6yC1apaLnJFQou9IbnSR3vSnR6zKC+W+9D63U9zverawGXIV0wV7qfZsWj QIk0Mkvterc1xInhlwDvKNnIRTNnm/t7DduNl/rYSwc= =G5of -----END PGP PUBLIC KEY BLOCK-----