EIP-5437 Security Contact Interface

Hey OpenZeppelin community, I created an interface, EIP-5437, intended to make it easier to securely notify smart contract owners. I love that you pioneered putting the security contact in the OpenZeppelin wizard, such as

/// @custom:security-contact some-user@some-domain.com

I'd love to invite any community members to provide feedback or collaborate on drafting EIP-5437.

See it here: https://github.com/ethereum/EIPs/pull/5437/files


If it's just the email, why not just put it in a comment section at the top area of a contract?

@maxareo Thank you for asking. Two reasons:

  1. Not all users and APIs have access to the source code of a contract. There is no standard way to distribute and publish contracts. The de facto way is to use Etherscan and IPFS, but that has not been standardized. There is no guarantee the email comment will be distributed.
  2. Instead of putting it in a source code comment, putting it in the smart contract makes it more widely distributed and allows machine readability.
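To make the second point concrete, here is an added illustration (not code from the EIP-5437 draft, OpenZeppelin, or either poster) of a contract that exposes its security contact both as the NatSpec comment and as an on-chain view function. The interface name `ISecurityContactExample`, the function names `securityContact` / `setSecurityContact`, and the contact URI are assumptions made for this example; the actual EIP-5437 interface may differ, so consult the pull request linked above for the real signature.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative interface (assumed name and signature, not the EIP-5437 text).
/// Returning a URI rather than a bare email lets the same field carry
/// "mailto:", "https://" or other schemes a tooling consumer can dispatch on.
interface ISecurityContactExample {
    /// @return uri A contact locator such as "mailto:security@example.com"
    function securityContact() external view returns (string memory uri);
}

/// @custom:security-contact security@example.com
/// The NatSpec tag above only survives if the source is published somewhere;
/// the storage slot and getter below are readable from any node via eth_call.
contract SecurityContactExample is ISecurityContactExample {
    address public owner;
    string private _securityContact;

    /// Emitted on every change so a change of contact is auditable on-chain
    /// and indexers can refresh cached values without polling.
    event SecurityContactChanged(string oldUri, string newUri);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    /// Constructed sample value: "mailto:security@example.com" is a placeholder.
    constructor(string memory initialUri) {
        require(bytes(initialUri).length != 0, "empty contact");
        owner = msg.sender;
        _securityContact = initialUri;
        emit SecurityContactChanged("", initialUri);
    }

    /// Machine-readable getter: no source code or verification step required.
    function securityContact() external view override returns (string memory) {
        return _securityContact;
    }

    /// Only the owner may rotate the contact, so a compromised or stale mailbox
    /// can be replaced, but nobody else can redirect vulnerability reports.
    function setSecurityContact(string calldata newUri) external onlyOwner {
        require(bytes(newUri).length != 0, "empty contact");
        emit SecurityContactChanged(_securityContact, newUri);
        _securityContact = newUri;
    }
}
```

A reporter's tooling can read the contact with a single `eth_call` to `securityContact()` against any RPC endpoint, which is the distribution advantage over a comment that lives only in whatever copy of the source happens to be published. The owner-gated setter and the event are the defensive half of the design: the value can be corrected, and every correction leaves a trace. A reporter should still treat the returned URI as a claim made by whoever deployed the contract and confirm it matches the project's published channels before sending sensitive details.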