Security: Clashnewbme/DynaBlocks

Security

SECURITY.md

Security Policy for Dynablocks

Thank you for helping keep Dynablocks safe! We take security seriously and appreciate the efforts of researchers and users who responsibly disclose vulnerabilities. This document was written by @Clashnewbme.


When will we listen to bug reports?

If you're reporting an issue with the applications, we will listen to all security reports and feedback, but only for recent versions of Brickate. Reports from an outdated application or client will not be considered.

Version           Supported
Latest            Yes
Older versions    No

Please ensure you have updated your client to the latest version before reporting anything.


Reporting

If you discover a security vulnerability, please do not open a public issue. Instead, report it privately using one of the following methods:


What to Include in Your Report

To help us resolve issues quickly, include:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Any proof-of-concept (code, screenshots, videos)
  • The potential impact
  • Suggested fixes (optional, but appreciated)

Reminder: DO NOT demonstrate a bug you have found by testing it on other users.

Bugs we take extremely seriously

The following are taken extremely seriously:

  • Authentication issues
  • Account takeover vulnerabilities
  • API/security bypasses
  • Data leaks or exposure
  • API key
  • Game / client exploits affecting other users or games
  • DDoS Attacks
  • SQL Injections and Cross-site Scripting

Less important, but we will still take action:

  • Spam or social engineering
  • Issues requiring physical access to a device
  • Self-XSS (unless it leads to a bigger exploit)
  • Rate limiting / brute force without impact
  • IP ping spamming / API pinging

Recognition

We appreciate responsible disclosures and may:

  • Credit you in some way
  • Possibly award badges or prizes (we are still deciding how to reward users who find bugs or vulnerabilities)

Rules

  • Do not exploit vulnerabilities beyond what is necessary to demonstrate them
  • Do not access other users’ data without permission
  • If the bug requires another user, use an alt; don't perform it on innocent users
  • Do not disrupt the platform or services
  • When a bug is found, don't abuse it

Thank You

Your help makes Dynablocks better for everyone. We appreciate your time and effort in responsibly disclosing security issues.
