If you've identified a vulnerability, please DO NOT open a new public issue. Instead, report it through one of the following venues:
- Submit an advisory through GitHub: https://github.com/gnolang/gno/security/advisories/new
- Email security [at-symbol] tendermint [dot] com. If you are concerned about confidentiality e.g. because of a high-severity issue, you may email us for PGP or Signal contact details. If you’ve found multiple vulnerabilities, please submit one per email.
- A security bug bounty platform for gno.land will be available Soonᵀᴹ. You will need to report via our bug bounty platform in order to be eligible for rewards.
We will respond within 3 business days to all received reports.
Thank you for helping to keep our ecosystem safe!