diff --git a/packages/horizon/contracts/payments/GraphPayments.sol b/packages/horizon/contracts/payments/GraphPayments.sol
index b7cb34db7..c621f62dc 100644
--- a/packages/horizon/contracts/payments/GraphPayments.sol
+++ b/packages/horizon/contracts/payments/GraphPayments.sol
@@ -16,6 +16,8 @@ import { GraphDirectory } from "../utilities/GraphDirectory.sol";
 * @notice This contract is part of the Graph Horizon payments protocol. It's designed
 * to pull funds (GRT) from the {PaymentsEscrow} and distribute them according to a
 * set of pre established rules.
+ * @custom:security-contact Please email security+contracts@thegraph.com if you find any
+ * bugs. We may have an active bug bounty program.
 */
 contract GraphPayments is Initializable, MulticallUpgradeable, GraphDirectory, IGraphPayments {
 using TokenUtils for IGraphToken;
diff --git a/packages/horizon/contracts/payments/PaymentsEscrow.sol b/packages/horizon/contracts/payments/PaymentsEscrow.sol
index 5d0694346..46736ec3e 100644
--- a/packages/horizon/contracts/payments/PaymentsEscrow.sol
+++ b/packages/horizon/contracts/payments/PaymentsEscrow.sol
@@ -17,6 +17,8 @@ import { GraphDirectory } from "../utilities/GraphDirectory.sol";
 * @notice This contract is part of the Graph Horizon payments protocol. It holds the funds (GRT)
 * for payments made through the payments protocol for services provided
 * via a Graph Horizon data service.
+ * @custom:security-contact Please email security+contracts@thegraph.com if you find any
+ * bugs. We may have an active bug bounty program.
 */
 contract PaymentsEscrow is Initializable, MulticallUpgradeable, GraphDirectory, IPaymentsEscrow {
 using TokenUtils for IGraphToken;
diff --git a/packages/horizon/contracts/payments/collectors/TAPCollector.sol b/packages/horizon/contracts/payments/collectors/TAPCollector.sol
index f3d67e819..f9b228ead 100644
--- a/packages/horizon/contracts/payments/collectors/TAPCollector.sol
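Review bot: The `@custom:security-contact` value added in the GraphPayments.sol hunk is a two-line sentence rather than a bare contact address, so anything that reads the tag out of the compiled devdoc may get prose where it expects an address; the usual form is the address alone, `* @custom:security-contact security+contracts@thegraph.com`. "We may have an active bug bounty program" also leaves a reporter without scope or disclosure terms, so a separate `@dev` line pointing at the published policy would serve better if one exists. The same two lines are added in PaymentsEscrow.sol, TAPCollector.sol, HorizonStaking.sol, HorizonStakingExtension.sol, DisputeManager.sol and SubgraphService.sol, and the point applies to each.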
+++ b/packages/horizon/contracts/payments/collectors/TAPCollector.sol
@@ -17,6 +17,8 @@ import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
 * @dev Note that the contract expects the RAV aggregate value to be monotonically increasing, each successive RAV for the same
 * (data service-payer-receiver) tuple should have a value greater than the previous one. The contract will keep track of the tokens
 * already collected and calculate the difference to collect.
+ * @custom:security-contact Please email security+contracts@thegraph.com if you find any
+ * bugs. We may have an active bug bounty program.
 */
 contract TAPCollector is EIP712, GraphDirectory, ITAPCollector {
 using PPMMath for uint256;
diff --git a/packages/horizon/contracts/staking/HorizonStaking.sol b/packages/horizon/contracts/staking/HorizonStaking.sol
index 74b2d8d09..6a5479878 100644
--- a/packages/horizon/contracts/staking/HorizonStaking.sol
+++ b/packages/horizon/contracts/staking/HorizonStaking.sol
@@ -24,6 +24,8 @@ import { HorizonStakingBase } from "./HorizonStakingBase.sol";
 * This is due to the contract size limit on Arbitrum (24kB). The extension contract implements functionality to support
 * the legacy staking functions and the transfer tools. Both can be eventually removed without affecting the main
 * staking contract.
+ * @custom:security-contact Please email security+contracts@thegraph.com if you find any
+ * bugs. We may have an active bug bounty program.
 */
 contract HorizonStaking is HorizonStakingBase, IHorizonStakingMain {
 using TokenUtils for IGraphToken;
diff --git a/packages/horizon/contracts/staking/HorizonStakingExtension.sol b/packages/horizon/contracts/staking/HorizonStakingExtension.sol
index ba7eb3a5b..cbb70cc20 100644
--- a/packages/horizon/contracts/staking/HorizonStakingExtension.sol
+++ b/packages/horizon/contracts/staking/HorizonStakingExtension.sol
@@ -24,6 +24,8 @@ import { HorizonStakingBase } from "./HorizonStakingBase.sol";
 * without losing rewards or having service interruptions.
 * @dev TODO: Once the transition period and the transfer tools are deemed not necessary this contract
 * can be removed. It's expected the transition period to last for a full allocation cycle (28 epochs).
+ * @custom:security-contact Please email security+contracts@thegraph.com if you find any
+ * bugs. We may have an active bug bounty program.
 */
 contract HorizonStakingExtension is HorizonStakingBase, IL2StakingBase, IHorizonStakingExtension {
 using TokenUtils for IGraphToken;
diff --git a/packages/subgraph-service/contracts/DisputeManager.sol b/packages/subgraph-service/contracts/DisputeManager.sol
index f48c20463..ce3685948 100644
--- a/packages/subgraph-service/contracts/DisputeManager.sol
+++ b/packages/subgraph-service/contracts/DisputeManager.sol
@@ -19,7 +19,7 @@ import { GraphDirectory } from "@graphprotocol/horizon/contracts/utilities/Graph
 import { DisputeManagerV1Storage } from "./DisputeManagerStorage.sol";
 import { AttestationManager } from "./utilities/AttestationManager.sol";
 
-/*
+/**
 * @title DisputeManager
 * @notice Provides a way to permissionlessly create disputes for incorrect behavior in the Subgraph Service.
 *
@@ -40,6 +40,8 @@ import { AttestationManager } from "./utilities/AttestationManager.sol";
 * Arbitration:
 * Disputes can only be accepted, rejected or drawn by the arbitrator role that can be delegated
 * to a EOA or DAO.
+ * @custom:security-contact Please email security+contracts@thegraph.com if you find any
+ * bugs. We may have an active bug bounty program.
 */
 contract DisputeManager is
 Initializable,
diff --git a/packages/subgraph-service/contracts/SubgraphService.sol b/packages/subgraph-service/contracts/SubgraphService.sol
index 5023e6160..b2b43da40 100644
--- a/packages/subgraph-service/contracts/SubgraphService.sol
+++ b/packages/subgraph-service/contracts/SubgraphService.sol
@@ -21,6 +21,11 @@ import { PPMMath } from "@graphprotocol/horizon/contracts/libraries/PPMMath.sol"
 import { Allocation } from "./libraries/Allocation.sol";
 import { LegacyAllocation } from "./libraries/LegacyAllocation.sol";
 
+/**
+ * @title SubgraphService contract
+ * @custom:security-contact Please email security+contracts@thegraph.com if you find any
+ * bugs. We may have an active bug bounty program.
+ */
 contract SubgraphService is
 Initializable,
 OwnableUpgradeable,
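Review bot: The NatSpec block added above `contract SubgraphService` carries only `@title` and the security contact, with no `@notice` or `@dev`, unlike the other contracts touched in this commit. Since the declaration lists `Initializable` and `OwnableUpgradeable`, someone auditing it would want the header to state what the contract does and who holds the owner role. I would add `* @notice <one-sentence role of the Subgraph Service>` and `* @dev Upgradeable and owner-administered; <who the owner is expected to be>`, with the wording supplied by the authors since the hunk does not show it. The contract declaration continues past the end of the hunk.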