As a leading blockchain technology auditing and compliance technology platform, Delta & Capital (Delta) regards system security and client asset data protection as the highest standard. We are committed to safeguarding our own network and the security of our auditing ecosystem. We encourage white-hat security researchers to report any potential security weaknesses to us in a responsible manner to jointly maintain the Web3 security ecosystem.
1. Reporting Channels
If you discover any security vulnerability in our assets, contracts, or auditing network, please reach out to us:
- Vulnerability Email: support@deltacapitalhk.com (You can encrypt your sensitive reports using our PGP Public Key).
- To help us verify and patch the issue, please include a detailed description, target asset, reproduction steps, and a PoC or screenshot.
2. Safe Harbor & Coordinated Disclosure
Delta & Capital promises Safe Harbor to security researchers who act in good faith:
- No Litigation: The institution will not initiate civil lawsuits or submit complaints to law enforcement against researchers who adhere to this policy.
- Mitigate Harm: Research must avoid active disruption (such as DDoS), data exfiltration, or modifications to live production nodes.
- Coordinated Disclosure: Researchers are requested to keep vulnerability details confidential until a patch is deployed, protecting the broader Web3 ecosystem.
3. Response Timeline & Coordinated Review
- We acknowledge and verify critical reports within 24 hours of receipt.
- For confirmed critical or high-severity system logic vulnerabilities, Delta & Capital provides official Security Hall of Fame recognition.