Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in TaoApp Wallet, please report it responsibly.

Do not report security vulnerabilities through public channels.

How to Report

Include:

Description of the vulnerability
Steps to reproduce
Potential impact assessment
Suggested fix (if any)

Safe Harbor

We will not pursue legal action against security researchers who report vulnerabilities in good faith, follow responsible disclosure practices, and do not access or modify other users' data.

Response Timeline

Acknowledgment: within 48 hours
Initial assessment: within 5 business days
Resolution target: depends on severity

Scope

The following are in scope:

TaoApp Wallet browser extension
Key management and encryption (vault, PBKDF2, AES-GCM)
Session handling and auto-lock
dApp communication and signing flow
Content script / inpage provider injection

Out of Scope

Bittensor network / runtime vulnerabilities
Third-party browser vulnerabilities
Social engineering attacks
Issues requiring physical access to an unlocked device with an unlocked wallet

Security Model

For details on the wallet's encryption, session management, and threat model, see Security Model.

Security Policy ​

Reporting a Vulnerability ​

How to Report ​

Safe Harbor ​

Response Timeline ​

Scope ​

Out of Scope ​

Security Model ​