Security
Reporting a Vulnerability
At Planbok, the security of our infrastructure and our users' assets is our highest priority. We welcome the contribution of security researchers to help us maintain the highest security standards.
Disclosure Policy
If you believe you have discovered a security vulnerability in our platform, please report it to us as soon as possible. We ask that you:
- Do not disclose the vulnerability to the public or any third party until we have had a reasonable amount of time to address it.
- Avoid harmful actions, such as data destruction, service interruption, or accessing other users' accounts/data.
- Focus on technical vulnerabilities: We are primarily interested in vulnerabilities involving our MPC protocol, API security, and infrastructure isolation.
How to Report
Please send your findings to our security team via email:
Email: support@planbok.io
What to Include
To help us triage and resolve the issue quickly, please include:
- A detailed description of the vulnerability.
- Proof-of-concept (PoC) steps or scripts to reproduce the issue.
- The potential impact of the vulnerability.
- Any suggested remediation or fix.
Our Commitment
In return for your responsible disclosure, we commit to:
- Acknowledging receipt of your report within 48 hours.
- Providing regular updates on our progress in addressing the issue.
- Publicly acknowledging your contribution (with your permission) once the vulnerability has been resolved.
Note: Planbok does not currently operate a paid bug bounty program, but we provide official security researcher recognition and "Early Adopter" perks for high-quality reports.
Scope
In-Scope
- *.planbok.io API endpoints.
- MPC Node 1 and Node 2 communication protocols.
- Planbok official SDKs and client libraries.
Out-of-Scope
- Social engineering (e.g., phishing, vishing).
- Third-party chains or protocols (e.g., Ethereum or Solana network-level issues).