Hi All
I wanted to open up a discussion on how to responsibly disclose issues to Olympus. Currently the only way seems to be Immunefi, which seems very limited and does not cover everything. (If there is a place already, it's not very obvious.)
1. Immunefi has a tight scope for smart contracts deployed.
2. While GitHub public issue disclosures are OK for day-to-day, this is not the place to put a responsible disclosure.
I suggest a mailing list or email (with PGP keys) be set up where these disclosures can be sent.
Bitcoin Core & Coinfinity have good examples.
This would help cover any issues in front-end, smart contracts, social etc. which do not fall under the Immunefi program.
Since Olympus is a DAO, it's extremely difficult to get a hold of someone and know this is the right person to talk to, and Discord DMs also don't work since you need to add them as a friend first.
This process (whatever the community agrees on) should then be posted on the main dapp, GitHub and docs. Going into Discord and trying to get a hold of someone is not responsible nor should be encouraged since there are chances of sensitive information landing in the wrong places.
Thanks,
electo @ team Abachi.