Security: thesandf/thesandf.xyz

Security Policy - TheSandF.xyz

Reporting a Vulnerability

Thank you for responsibly disclosing security issues - we take them seriously.

Preferred contact (private):

  • Create a private security issue on this GitHub repo (use the "Security" → "Report a vulnerability" flow), or
  • Email: currently unavailable (PGP key available on request).

If you use email, please include:

  • A short summary of the issue
  • Affected contract/address and chain (if on-chain)
  • Proof-of-concept (PoC) or reproduction steps (preferably runnable on a mainnet fork)
  • Block numbers / TX hashes (if applicable)
  • Your preferred contact method and timeline for disclosure

Response Process & Timeline

We aim to:

  • Acknowledge receipt within 3 business days
  • Provide an initial assessment within 2 weeks
  • Coordinate fix timelines and disclosure with affected parties

If you believe the issue is actively being exploited, please mark the subject line: [EMERGENCY].

Guidelines for Proofs-of-Concept

  • Do not include exploits that enable theft on mainnet without clear mitigations or redaction.
  • Use mainnet forks or testnets for reproduction steps and label such code # FOR EDUCATIONAL PURPOSES or sensitive: true.
  • If you need help preparing a safe PoC, we can assist after initial contact.

Public Disclosures & Credits

We will coordinate public disclosure with affected projects. Reporters who follow responsible disclosure will be credited (unless they request anonymity).

Contact

@THE_SANDF on X. Email: currently unavailable.
