Merge pull request #438 from rsksmart/master-qa-sync

Master qa sync

Author: Luisfc68

.github/copilot-instructions.md

@@ -0,0 +1,3 @@
+When performing a code review, apply the checks in the prompts/review-code.prompt.md file.
+
+When performing a code review, focus on readability and avoid nested ternary operators.

.github/prompts/review-code.prompt.md

@@ -0,0 +1,64 @@
+---
+agent: "agent"
+description: "Perform a comprehensive code review"
+---
+
+## Role
+
+You're a senior software engineer conducting a thorough code review. Provide constructive, actionable feedback.
+
+## Review Areas
+
+Analyze the selected code for:
+
+1. **Security Issues**
+
+   - Input validation and sanitization
+   - Data exposure risks
+   - Injection vulnerabilities
+   - OWASP Top 10 risks
+
+2. **Performance & Efficiency**
+
+   - Algorithm complexity
+   - Memory usage patterns
+   - Database query optimization
+   - Unnecessary computations
+
+3. **Code Quality**
+
+   - Readability and maintainability
+   - Proper naming conventions
+   - Function/class size and responsibility
+   - Code duplication
+
+4. **Architecture & Design**
+
+   - Design pattern usage
+   - Separation of concerns
+   - Dependency management
+   - Error handling strategy
+
+5. **Testing & Documentation**
+   - Test coverage and quality
+   - Documentation completeness
+   - Comment clarity and necessity
+
+## Output Format
+
+Provide feedback as:
+
+**🔴 Critical Issues** - Must fix before merge
+**🟡 Suggestions** - Improvements to consider
+**✅ Good Practices** - What's done well
+
+For each issue:
+
+- Specific line references
+- Clear explanation of the problem
+- Suggested solution with code example
+- Rationale for the change
+
+Focus on: ${input:focus:Any specific areas to emphasize in the review?}
+
+Be constructive and educational in your feedback.

SECURITY.md

@@ -1,31 +1,19 @@
-# Liquidity Bridge Contract Security Process
+# RootstockLabs's Security Process
 
 We are committed to conduct our security process in a professional and civil manner. Public shaming, under-reporting or misrepresentation of vulnerabilities will not be tolerated.
 
 ## Responsible Disclosure
 
-For all security related issues, Liquidity Bridge Contract has two main points of contact. Reach us at <security@rootstocklabs.com> or refer to our [Bug Bounty Program](https://www.rootstocklabs.com/bug-bounty-program). **Do not open up a GitHub issue if the bug is a security vulnerability**
+For all security related issues, RootstockLabs has two main points of contact. Reach us at <security@rootstocklabs.com> or refer to our [Bug Bounty Program](https://www.rootstocklabs.com/bug-bounty-program/). **Do not open up a GitHub issue if the bug is a security vulnerability**
 
 **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/rsksmart/liquidity-bridge-contract/issues).
 
-## Vulnerability Handling
+## Disclosure Policy
 
-### Response Time
+- Follow Immunefi's [disclosure guidelines](https://immunefi.com/responsible-publication/).
+- Public disclosure of a vulnerability makes it ineligible for a bounty.
 
-RootstockLabs will make a best effort to meet the following response times for reported vulnerabilities:
-
-- Time to first response (from report submit) - 5 business days
-- Time to triage (from report submit) - 7 business days
-- Time to bounty (from triage) - 15 business days
-
-We’ll try to keep you informed about our progress throughout the process.
-
-### Disclosure Policy
-
-- Follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
-- Public disclosure of a vulnerability makes it ineligible for a bounty. If the user reports the vulnerability to other security teams (e.g. Ethereum or ETC) but reports to RootstockLabs with considerable delay, then RootstockLabs may reduce or cancel the bounty.
-
-For more information check RootstockLabs bounty program policy at [HackerOne](https://hackerone.com/rootstocklabs)
+For more information, check RootstockLabs bounty program policy at [Immunefi](https://immunefi.com/bug-bounty/rootstocklabs/information)
 
 ## Public Keys