Security Policy
Sol-Incinerator welcomes responsible security research. If you've found a vulnerability, here's how to report it and what to expect from us.
Last Updated: May 27, 2026
Sol Incinerator is committed to the security of its on-chain programs and platform. We welcome good-faith reports from the security research community and are committed to working with researchers to verify and address any vulnerabilities that are reported to us.
1. Reporting a Vulnerability
If you believe you have identified a security vulnerability in Sol Incinerator’s smart contracts or platform, please report it by emailing [email protected].
Your report should include:
A clear description of the vulnerability
Steps to reproduce the issue
Any relevant transaction IDs, program addresses, or proof-of-concept code
An assessment of potential impact, if possible
We review all reports and will respond to credible submissions as soon as reasonably practicable, keeping you updated on remediation progress through to resolution.
2. Responsible Disclosure
We ask that security researchers adhere to the following guidelines:
Do not exploit any vulnerability beyond what is strictly necessary to demonstrate its existence
Do not access, modify, or exfiltrate other users’ funds or data
Do not disclose the vulnerability publicly until we have had a reasonable opportunity to investigate and deploy a fix
Do not conduct testing against our production systems in a way that degrades service for other users
Researchers who act in good faith in accordance with these guidelines will not be subject to legal action by Sol Incinerator in connection with their research.
3. Bug Bounty
We pay bounties at our discretion after verifying the reported issue, up to 10% of demonstrated value at risk.
Bounties are subject to the following conditions:
The vulnerability must be disclosed to Sol Incinerator under coordinated disclosure — details must not be shared with any third parties until a fix has been deployed and verified by Sol Incinerator
The reporter must not have exploited the vulnerability without our explicit consent
The report must be submitted in good faith with sufficient detail to reproduce and assess the issue
Bounty amounts are determined at our sole discretion based on severity, demonstrated impact, and quality of the report. We will communicate our decision directly to the reporter following our investigation.
4. Scope
In scope: Sol Incinerator on-chain programs deployed on Solana mainnet and the sol-incinerator.com web interface.
The following are out of scope:
Third-party dependencies and infrastructure not under our direct control
Social engineering or phishing attacks targeting our team or users
Denial-of-service attacks
Issues already known to us or previously reported by another researcher
5. Contact
All security-related correspondence should be directed to [email protected]. Please do not use this address for general support inquiries.
Last updated