Xahau Network
Testnet FaucetExplorerHooks API Docs
Xahau Network
Xahau Network
  • 🪝Xahau Documentation
    • XRPL/Xahau: What is Different?
  • 🪝Hooks
  • 🚨Concepts
    • Introduction
      • Example Usage
      • Xahau Testnet
      • Xahau Testnet Explorer
      • Examples (source code)
      • Blogs (concepts)
    • Terminology
    • Loops and Guarding
    • Compiling Hooks
    • Chaining
    • Weak and Strong
    • Collect Call
    • SetHook Transaction
    • Parameters
    • Namespaces
    • Grants
    • HookOn Field
    • Reference Counted Hook Definitions
    • Hook Fees
    • Execution Metadata
    • Debugging Hooks
    • State Management
    • Slots and Keylets
    • Floating Point Numbers (XFL)
    • Emitted Transactions
    • Serialized Objects
  • Features
    • Public Nodes (RPC)
    • Amendments
    • Transaction Signing
      • Transaction Fees
    • Developer Tooling
      • Curated Tooling
      • Client Libraries
      • Developer Tricks
    • HTTP / WebSocket APIs
      • Request Formatting Guide
      • Response Formatting Guide
      • Considerations
      • Public API Methods
      • Admin API Methods
    • Network Features
      • Account Managment
      • Balance Rewards
      • Check
      • Escrow
      • Hooks
      • Offer
      • Payments
      • URIToken
    • Faucet & Explorers
    • Data API's
  • Infrastructure
    • Node Requirements
    • Running a Node
      • Running a Mainnet Node
      • Running a Testnet Node
    • Building Xahau (Dev)
      • Ubuntu - 22.04
      • Mac OS - 15.3.2 (24D81)
  • Technical
    • 📐Hooks Functions
      • Overview
        • Hook API Conventions
        • Return Codes
      • Developer Defined
        • hook
        • cbak / Callback
      • Control
        • accept
        • rollback
      • Utilities
        • util_raddr
        • util_accid
        • util_verify
        • util_sha512h
        • util_keylet
      • Serialization
        • sto_subfield
        • sto_to_json
        • sto_from_json
        • sto_subarray
        • sto_emplace
        • sto_erase
        • sto_validate
      • Emitted Transaction
        • etxn_burden
        • etxn_details
        • etxn_fee_base
        • etxn_nonce
        • etxn_reserve
        • etxn_generation
        • prepare
        • emit
      • Float
        • float_set
        • float_multiply
        • float_mulratio
        • float_negate
        • float_compare
        • float_sum
        • float_sto
        • float_sto_set
        • float_invert
        • float_divide
        • float_one
        • float_exponent
        • float_mantissa
        • float_sign
        • float_int
        • float_root
        • float_log
      • Ledger
        • fee_base
        • ledger_seq
        • ledger_last_hash
        • ledger_last_time
        • ledger_nonce
        • ledger_keylet
      • Hook Context
        • hook_account
        • hook_hash
        • hook_param
        • hook_param_set
        • hook_skip
        • hook_pos
        • hook_again
      • Slot
        • slot
        • slot_clear
        • slot_count
        • slot_set
        • slot_size
        • slot_subarray
        • slot_subfield
        • slot_type
        • xpop_slot
        • slot_float
      • State
        • state
        • state_set
        • state_foreign
        • state_foreign_set
      • Trace (Debug)
        • trace
        • trace_num
        • trace_float
      • Originating Transaction
        • otxn_burden
        • otxn_field
        • otxn_generation
        • otxn_id
        • otxn_type
        • otxn_slot
        • otxn_param
        • otxn_json
        • meta_slot
      • Websocket APIs
        • account_info
        • account_namespace
    • Protocol Reference
      • Transactions
        • Transaction Common Fields
        • Transaction Types
          • AccountDelete
          • AccountSet
          • CheckCancel
          • CheckCash
          • CheckCreate
          • ClaimReward
          • DepositPreauth
          • EscrowCancel
          • EscrowCreate
          • EscrowFinish
          • GenesisMint - (Emitted Txn)
          • Import
          • Invoke
          • OfferCancel
          • OfferCreate
          • Payment
          • PaymentChannelClaim
          • PaymentChannelCreate
          • PaymentChannelFund
          • Remit
          • SetHook
          • SetRegularKey
          • SignerListSet
          • TicketCreate
          • TrustSet
          • URITokenBurn
          • URITokenBuy
          • URITokenCancelSellOffer
          • URITokenCreateSellOffer
          • URITokenMint
        • Pseudo Transaction Types
          • EmitFailure
          • UNLReport
          • UNLModify
          • SetFee
          • EnableAmendment
        • Transaction Results
          • TES Codes
          • TER Codes
          • TEM Codes
          • TEL Codes
          • TEF Codes
          • TEC Codes
        • Transaction Metadata
      • Ledger Data
        • Ledger Objects Types
          • AccountRoot
          • Amendments
          • Check
          • Deposit Pre Auth
          • Directory Node
          • Emitted Txn
          • Escrow
          • Fee Settings
          • Hook
          • Hook Definition
          • Hook State
          • Import VL Sequence
          • Ledger Hashes
          • Negative UNL
          • Offer
          • Pay Channel
          • Ripple State
          • Signers List
          • Ticket
          • UNL Report
          • URIToken
        • Ledger Header
        • Ledger Object IDs
      • Data Types
        • Currency Formats
        • Base 58 Encodings
      • Binary Format
    • Balance Adjustments
    • Governance Game
    • Burn 2 Mint (B2M)
    • Versioning Process
  • Compliance
    • Security Audits
      • Responsible Disclosure
  • Support
    • Help Us
Powered by GitBook
On this page
  • Responsible Disclosure Policy
  • How to Report
  • Rules
  • Responsible Disclosure procedure(s)
  • Bug bounty program
  • Exclusions

Was this helpful?

Edit on GitHub
Export as PDF
  1. Compliance
  2. Security Audits

Responsible Disclosure

Our Responsible Disclosure Policy provides clear guidelines for submitting reports through our support portal, ensuring confidentiality.

Last updated 7 months ago

Was this helpful?

Responsible Disclosure Policy

At Xahau, we believe that the security of our systems is extremely important.

Despite our concern for the security of our systems during product development and maintenance, there's always the possibility of someone finding something we need to improve/update/change/fix /...

We appreciate you notifying us if you have found a weak point in one of our systems as soon as possible so we can immediately take measures to protect our customers and their data.

How to Report

If you believe you have found a security issue in one of our systems, please notify us as soon as possible by posting a high level description of your finding and contact information (so someone can reach out) on Github:

Rules

This responsible disclosure policy is not an open invitation to actively scan our network and applications for vulnerabilities. Our continuous monitoring will likely detect your scan, and these will be investigated.

We ask you to:

  • Not share information about the security issue with others until the problem is resolved, and to immediately delete any confidential data acquired

  • Not further abuse the problem, for example, by downloading more data than is necessary to demonstrate the leak or to view, delete, or amend the data of third parties

  • Provide detailed information in order for us to reproduce, validate, and resolve the problem as quickly as possible. Include your test data, timestamps, and URL(s) of the system(s) involved

  • Leave your contact details (e-mail address and/or phone number) so that we may contact you about the progress of the solution. We do accept anonymous reports.

  • Do not use attacks on physical security, social engineering, distributed denial of service, spam, or applications of third parties

Responsible Disclosure procedure(s)

When you report a security issue, we will act according to the following:

  • You will receive a confirmation of receipt from us within 4 working days after the report is made

  • You will receive a response with the assessment of the security issue and an expected date of resolution within 4 working days after the confirmation of receipt is sent

  • We will take no legal steps against you in relation to the report if you have kept to the conditions as set out above

  • We will handle your report confidentially, and we will not share your details with third parties without your permission unless that is necessary in order to fulfill a legal obligation

This responsible disclosure scheme is not intended for:

  • Complaints

  • Website unavailable reports

  • Phishing reports

  • Fraud reports

Bug bounty program

Xahau encourages the reporting of security issues or vulnerabilities. We may make an appropriate reward for confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users' data that was not yet known to us. We decide whether the report is eligible and the amount of the reward.

Exclusions

The following types of security problems are excluded

  • (D)DOS attacks

  • Error messages or error pages without sensitive data

  • Tests & sample data as publicly available in our repositories on Github

  • Common issues like browser header warnings or DNS configuration, identified by vulnerability scans

  • Vulnerability scan reports for the software we publicly use

  • Security issues related to outdated OS's, browsers, or plugins

  • Reports for security problems that we have been notified of before

Please note: Reports that lack any proof (such as screenshots or other data), detailed information, or details on how to reproduce any unexpected result will be investigated but will not be eligible for any reward.

For these complaints or reports, please post a high level description of your issue and contact information (so someone can reach out) on Github:

This policy is based on the National Cyber Security Centre’s Responsible Disclosure Guidelines and an .

https://github.com/Xahau/xahaud/issues
https://github.com/Xahau/xahaud/issues
example by Floor Terra