Security: category-labs/monad-bft

SECURITY.MD

Third Party Security Audits

Category Labs engages third party audit firms to conduct independent security audits of their implementation of the Monad client. At any given time, multiple audit streams can be in progress.

As these third party audits are completed and issues are sufficiently addressed, we make those audit reports public. Audits can be found in the monad-audits repository.

Reporting a Vulnerability

We are committed to maintaining the security and integrity of our codebase and appreciate the security research community’s efforts in helping us achieve this goal. If you believe you have discovered a security vulnerability in our codebase, we encourage responsible disclosure.

Please follow the disclosure requirements listed in the public Cantina bug bounty to be considered eligible for a bug bounty.

DO NOT report critical security vulnerabilities through public channels, including GitHub issues or public forums.

For other security-related reports, you may email us at: security@category.xyz.

Please include the following information in your report:

  • Detailed description of the vulnerability
  • Step-by-step reproduction instructions
  • Assessment of potential security impact and exploitation scenarios
  • Proof-of-concept code or exploit demonstration (if applicable)
  • Your preferred contact information for follow-up communications

Scope Limitations

The following issues are considered outside the scope of our vulnerability disclosure program:

  • Social engineering or phishing attacks
  • Physical security vulnerabilities
  • Denial of service (DoS) attacks
  • Vulnerabilities in third-party dependencies (except where they create a protocol-level security issue)
  • Issues requiring unauthorized physical access to systems or infrastructure
  • Theoretical vulnerabilities without demonstrated exploitation paths
  • Vulnerabilities related to smart contracts, dApps, or anything else not included in this codebase
  • Previously reported and acknowledged vulnerabilities

Contact Information
