Create SECURITY.md #111

Merged
merged 3 commits into from
Oct 11, 2021
Conversation

bluewitch
Contributor

Set up for security protocols.

Set up for security protocols.
@bluewitch
Contributor Author

Implementing security (SECURITY.md)

@flipchan
Contributor

Nice! Should there be some bounty/reward for finding critical bugs?

Things that should be added:
  • Time limit (please don't publish this until X amount of time has passed)
  • When a user submits a bug, make sure it's reproducible (send system specs and ways to reproduce the crash)

Extra link:
https://github.com/microsoft/repo-templates/blob/main/shared/SECURITY.md

@bluewitch
Contributor Author

Yes, I love the idea of a bounty/reward for our system. It would serve us in several ways.

  • Gathering more Rust developers for our project
  • Getting a security minded body of skilled engineers involved
  • Building our community

@KaiserKarel
Contributor

Perhaps better to just create an advisory, and link to there from the SECURITY.md?

https://docs.github.com/en/code-security/security-advisories/creating-a-security-advisory?

Let's wait with defining bug bounties; more of a decision for Cosmin I reckon.

@flipchan
Contributor

flipchan commented Oct 6, 2021

> Perhaps better to just create an advisory, and link to there from the SECURITY.md?
>
> https://docs.github.com/en/code-security/security-advisories/creating-a-security-advisory?
>
> Let's wait with defining bug bounties; more of a decision for Cosmin I reckon.

Yes! This would be awesome, since it allows users to submit private (non-public) GitHub issues with severe bugs in them and also allows us to create CVE look-alikes to assign to each bug.

@Br1ght0ne
Contributor

Looks good, needs reporting instructions too.
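
flipchan's checklist above (a disclosure time limit and reproducibility details) and Br1ght0ne's request for reporting instructions can be enforced as a small repository check that fails CI when SECURITY.md is missing one of them. The following is an added example, not code from this PR or from the composable-finance project; the requirement names, the regexes, the placeholder advisory URL and both sample policy texts are assumptions constructed for illustration.

```python
"""Check that a SECURITY.md states the things this thread asks for.

Added example, not code from the repository this PR belongs to. Every
requirement name, regex, URL placeholder and sample policy below is an
assumption chosen for illustration; tune them to the real policy wording.
"""
import re

# Each requirement maps a label to a pattern that must match somewhere in
# the policy text. The wording is assumed, not taken from a real policy.
REQUIREMENTS = {
    # Br1ght0ne: "needs reporting instructions" (advisory link or contact).
    "reporting channel": re.compile(
        r"(security advisor(y|ies)|security@|report(ing)? a vulnerability)", re.I),
    # flipchan: "please don't publish this until X amount of time has passed".
    "disclosure window": re.compile(
        r"\b\d+\s*(days?|weeks?|months?)\b", re.I),
    # flipchan: "make sure it's reproducible (system specs, ways to reproduce)".
    "reproduction details": re.compile(
        r"(steps? to reproduce|reproducib|system specs?)", re.I),
}

# Constructed sample policies; neither is the SECURITY.md merged in this PR.
GOOD_POLICY = """\
# Security Policy

## Reporting a Vulnerability

Please open a private report through GitHub Security Advisories
(https://github.com/OWNER/REPO/security/advisories/new) rather than a public issue.

## Disclosure

Give us 90 days from acknowledgement before publishing details.

## What to include

Steps to reproduce, the commit or release affected, and your system specs.
"""

BAD_POLICY = """\
# Security Policy

We take security seriously. Thanks for helping.
"""


def missing_sections(policy_text: str) -> list:
    """Return the labels of requirements the policy text does not satisfy."""
    return [label for label, pattern in REQUIREMENTS.items()
            if not pattern.search(policy_text)]


def check_file(path: str) -> list:
    """Read a SECURITY.md from disk and return what is missing (empty = ok)."""
    with open(path, encoding="utf-8") as fh:
        return missing_sections(fh.read())


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "SECURITY.md"
    try:
        gaps = check_file(target)
    except FileNotFoundError:
        print(f"{target}: file not found")
        sys.exit(1)
    for gap in gaps:
        print(f"{target}: missing {gap}")
    sys.exit(1 if gaps else 0)
```

Run it as `python check_security_md.py SECURITY.md` in a CI step; a non-zero exit blocks the merge until the policy names a reporting channel, a disclosure window and what a report must contain. The patterns are deliberately loose keyword checks, so a rewrite of the policy in different words will need the regexes updated alongside it.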

@flipchan flipchan merged commit ed9489b into main Oct 11, 2021
@flipchan flipchan deleted the bluewitch-patch-1 branch October 11, 2021 13:18
seunlanlege pushed a commit that referenced this pull request Oct 12, 2021
* Create SECURITY.md

Set up for security protocols.

* More guidelines

* rewards section

Co-authored-by: Filip <[email protected]>

Update

setup-auto-release

Updating github workflow

Implement auto update feature using two approaches

Implement auto update feature using two approaches

Implement auto update feature using two approaches
hussein-aitlahcen added a commit that referenced this pull request Oct 12, 2021
* Refactoring of pallet-lending (#178)

* Create SECURITY.md (#111) (#174)

* Create SECURITY.md

Set up for security protocols.

* More guidelines

* rewards section

Co-authored-by: Filip <[email protected]>

Update

setup-auto-release

Updating github workflow

Implement auto update feature using two approaches

Implement auto update feature using two approaches

Implement auto update feature using two approaches

Co-authored-by: Douglas Kuhn <[email protected]>

* better naming, comments & documentation

* introduce account privilege traits, allowing inspection + mutation

* introduce pallet-privilege which implements all the privilege traits

* add privilege pallet event triggers

* add privilege pallet readme

* refactor promote/revoke behavior to be noop over privileged/nonprivileged user

Co-authored-by: andor0 <[email protected]>
Co-authored-by: Adedayo Akinpelu <[email protected]>
Co-authored-by: Douglas Kuhn <[email protected]>