Security
Security of Namada in practice requires both protocol security (correctness of the design and implementation of the protocols) and user security (privacy education, spam/phishing avoidance, etc.).
Protocol security in practice is not a matter of "correct or not", but rather one of defense-in-depth. The Namada community uses various tools, including specifications, third-party audits, internal and external code reviews, and public testnets, in order to minimize the likelihood of unexpected protocol bugs or behaviors.
Those efforts notwithstanding, the most important factor for security is effective cooperation between developers, community members, and security researchers.
If you believe that you may have found a bug in the Namada protocol design or implementation, please email:security@anoma.foundation
All security-critical Namada designs and implementations are covered by the Anoma Foundation security program. We are committed to working in good faith with anyone who believes that they have found a bug in the Namada stack.
Versions of Namada currently in scope:
v0.31.0 (Shielded Expedition release)
Bugs found during the Shielded Expedition will be rewarded through the Shielded Expedition program. Please see the Shielded Expedition announcement and the special task submission’s page.
User security in practice depends on smart defensive design, active participation and good-faith cooperation of the community, and careful, diligent behavior by users. If you are unsure about some Namada-related application, token, or project, ask around on a community coordination channel for advice before taking any actions.
As a reminder, the Anoma Foundation will never ask for your seed phrase or any key materials. Beware anyone who does!