At LastParadox, we take the security of our users and our decentralized network seriously. We value the contributions of the security research community and welcome reports of vulnerabilities.
If you believe you have found a security vulnerability in LastParadox (VPN, Daemon, Extension, or Website), we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
Safe Harbor
LastParadox considers security research authorized if you comply with this policy. We will not initiate legal action against you for accidental violations of this policy or for authorized security research.
To remain within the scope of this Safe Harbor, you must:
Only test systems that are in scope.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption of our service.
Do not exploit a vulnerability beyond what is necessary to demonstrate the proof of concept.
Report the vulnerability confidentially and give us reasonable time to fix it before making it public.
In Scope
Applications
LastParadox Desktop App (Windows / Linux / macOS)
LastParadox Daemon (Node.js P2P Core)
LastParadox Vault Extension (Chrome / Brave)
Infrastructure
lastparadox.xyz (This website)
Hypercore P2P Protocol implementation issues
Smart Contracts (Solana / Ethereum) integration
Out of Scope
The following types of testing are potentially harmful and therefore prohibited:
DDoS: Network denial of service attacks.
Social Engineering: Phishing, vishing, or trying to trick our team or users.
Physical Security: Attacks against our physical property or data centers.
Spam: Automated scanning tools that generate excessive traffic.
Rewards & Recognition
As an open-source, community-driven project, we do not currently offer monetary bug bounties.
However, we deeply appreciate your help. If you report a valid, non-trivial vulnerability, we will:
Publicly acknowledge your contribution in our Security Hall of Fame.
Provide a recommendation or reference for your professional portfolio.
Offer free Premium access to LastParadox VPN services.
How to Report
Please send your report via one of the following channels: