QRL Primary Report, 2024

Read More

Report a Security Issue

The QRL team encourage responsible security investigation and reporting.

What to report

Contact us if you have discovered security issues in any of the following:

  • QRL protocol design and implementation
  • Services deployed by the QRL team
  • QRL network and infrastructure

If in doubt, send a report.

How to report

To report a security issue send an email to security@theqrl.org

Consider encrypting your message using the PGP key embedded below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFxoWCoBEAC+MluHOjH1EcEpGPO3N5i+zSGXwnLyz5ACQeU6GPxpXStlFc5V
GLNw70gtp7hBdVsCcmL6MVDMmvlUWqQ6bT0ED3Jt08yVmM340rUG19N2DvK7eFYT
6+8mst+WH0xh/1M1xSZC3tfQpLtVe8rQmkLfVjW6K677VNChS16vy0697UiWwWXm
Mf+XH6aV7WAcPqY97IyawEhdA6l960RZdnZlZhpOSrhMBPi0/abCp/A+jxXxRJ4A
aKIe2zTJ9/NFoRGgj+VytIVXYRg229Bihq0Vc2QNqgnuQxtHpVecXvde7sfBNpsk
effI0sLSRIUXxlN5/t85Vvm8XgOLZBRONr9wN90nLCSGvaNZFiBH4T72SyfwhTUF
Abo9cCCGof+/FDw6ITAdTU1YxUQNsvcbStGu9qvthxGAD+rdnL/FgPCLn4riyImi
VUlre8jhs62bh7kBMLWFt0OE8epVeQbS5E/0gLHHMmeTzHcBAy0nZ8lBzWwkwsbX
yN1gC+hPs4jqu3cJFD1S/5aEfe7uatedIevImW+nU7WoGIc1a9s7vSbNLVCkoeLq
i2x0vw3rNVg/4u5pHWgh0930EL9s6wTnMe8ZfEYaVjzpbZqfyRaCaRpyyAe0mU81
fYx4hFpr3AD1ALWM0Bnm68DQOhZlQz+u/yF93gQ4Qum6FUSBMNU1eVKpbQARAQAB
tCNTZWN1cml0eSB0ZWFtIDxzZWN1cml0eUB0aGVxcmwub3JnPokCVAQTAQoAPhYh
BLA1lB0arakj62Hy6xR2Imm/3RHzBQJcaFgqAhsDBQkHhh+ABQsJCAcDBRUKCQgL
BRYCAwEAAh4BAheAAAoJEBR2Imm/3RHznFMQAKMVefAf797BhDkVoQkkAlkr8uSq
6jlvceUW+lt7jiYkYCZHeRmipyEXwNqfw7T6+r2awixgDvnOtqyG4j7aq957uXWv
wIjcF9vm1lGOFMLZ49ZqnZqggQ7/9ckMevg3Labqw9x9TI/bhVbkBFVDpaQd5tFR
fjy16tqGN6DTgU+El30KE2zUQ0M48VmNPoKCYBcuV1fadkkKajWIA6ei6swoKKQV
PyLx9CNeLtH/fQ0jTki+oSuzvdWTYpQsltK7zkyDUpc7qKzDvISp5ER5v/j9pAlE
CqdfgNTh/ebcgzJ10mZ181sE5F6Z0Xixm89l8i96iUyuK76qb3Sbc+2/PQvE/PQX
xi7Sz3Ay2cujgIc1Cp+piW114fctA49JnAzCrI6t2MyS1PHx9gIw0VlWYxYLscI2
GEAVtKgW3vsl/gakDNfx2895UwD8f+31/RNTCZqZYp6Tocpf/VlVSoTjuYD8c6Cc
0SJ4bgZFMPMJ0sGNBlGtz+ZVb2e9kaHj6XC3y9nLdPOglfPc+8WF3l4ROLD9rpqG
t9erkTOn9bo0tuys8cJJiKYCpaQM2Qg1ZvOC+PyHFburWWAaU7mdVh+Ct/XWNbLE
OIlGAnMMsYSpCrgOBssIKj2vR/mos8OGp5c5L7liCkhexWnsCZmXQH2cJJegCMns
gmLy0ZpOfC8yumXtuQINBFxoWCoBEADPVF20365DS+JU5vQJucttbhlNaVGDbBUl
1EwU6ZymLMp3/hUv68RokmhyIZP32YCz+ezDCZqE2IX+w5TuG/h3/zZtSKVA6+Ze
EX+d8Iq+QwykEEUrwbjlWODzCuJZ4qzwH52Kg0RrGzRYiWsjG4vI0SJ7OL+R7uai
hrzOQixnH37atKrU143Z4SBtzQuxzmllGQOO72cGOvF39qmzvatd1OgX6GEw0TE5
pO5b80mLlsBg0TlzO/Ukk51difHx7nHhyJY1Q4RoqiQG+M6VEtKuefRh7lpobdet
Q35ubfW1m+EzoSRNOtiDAcgQNb4ejBfIS24On/2m7jrXzu42B08cRO4MbE6wYpgv
MmPONeqk8grB/3dOwRros4AT4CFSLFylbyI5lHHlShoeivKNS3nSoQIGH51PQFvq
QLPfKP7dYLXxf2d7w+5lrtogyp1Sr2Prn5gZ61GXirqprwEmTL+bzsKFuw3dewbr
Mv0xFD9TLvgAXXdmvwy6Y1wkNHsuufoX42EklehwwxDyeeIXKihPR8uuMtb6hOy5
tETJF5ZCi5Kg0hjvJvo9ewUjmq+sXtDYqO59NdPXXZQ7JElGyucnCRuv2h2onSGG
W5gkoly5AIHg8Y8zB0RHA2Ag2IHwSMInbGZ6lGlQaZftXUOhTlZ4OFoPJOEcIemU
VLI87sTqMQARAQABiQI7BBgBCgAmFiEEsDWUHRqtqSPrYfLrFHYiab/dEfMFAlxo
WCoCGwwFCQeGH4AACgkQFHYiab/dEfP24Q/4nEC4xKNQlsUqkwK0BsASEocKelc5
zKpnl0s81l4TPWI9LDqIt6C7jsMZ5ZLthD+HCfDlNpL24x6JZHstF/+ao3Ujc2Dd
K15cBfPwMIk7lhKdK4+V9AFQnNtLL1IfRawafsjQ/6liZpDZd0PWiYfAozr+unAD
lxUn3Bv1hkWxzegZMMgJ6hu5/OnQ7wV87mJ68R7CtZMiNM92iNXGF8AxOLab/iXN
amfyBmivoriDcFJkTypcSkXCNc/OePGR36DaNZ9OG1fIYsxnqzicpZUZYUXUrPdl
nLJB4i8a0bVn0Je+n6QgbJIu87MnUlIhA6ZIxo2xFt+jwKBlVUdva1n1YJnGeHCL
6MqV0FJyNck+hB1/iu2xevp2nWaeYghXenKbrSzuc+3ueFdnxMwVeJ7WnpXs/pJo
1a0floc9sAniDU05uEQyrm0RjsIhuxBd2fgNtck3KL4NaLWnA2mUgRme5RMY1tKg
0lJ4hjgz3pSWpA0KvhGITzsWyUVB4xRTgAHPTsE2hTf95aMcHCaabc0E7m2E1VhL
9qvdk13cXb87zIaHkMJ7XZn1OrhpQ0rpKuM+NiwhzxxPPuJWGEQunGoPMjhBLgtE
kqHF5I0jMU2WqRyi6nskcPKN9aXglR0C7nogscBwW0BgMa+baUZB/DJSqx1hARsh
vjMzwZI8HPGr3w==
=d7QU
-----END PGP PUBLIC KEY BLOCK-----

To facilitate reproduction of reported issues, we encourage you to include the following information if possible:

  • Description of the issue
  • Description of the issue’s potential security impact
  • The affected resource. e.g. URL, GitHub code snippet, transaction
  • Ideally a proof-of-concept that demonstrates the issue

Our process

Upon receiving your report, the QRL team will assess the issue and reach out to ask for additional information and/or provide assessment.

Any reported security issues may be eligible for rewards under the terms of The QRL Bug Bounty Program.

Contact Us

Join our mailing list, contact the team or join our vibrant and friendly community of users, developers and enthusiasts on Discord or one of our other social channels

Press enquiries

press@theqrl.org

Support requests

support@theqrl.org

General enquiries

info@theqrl.org