We take the security of MerkleForge seriously. If you discover a vulnerability, please report it responsibly so we can investigate and address it promptly.
- Navigate to the Security tab of this repository.
- Click Report a vulnerability to open the GitHub Security Advisories form.
- Include as much detail as possible:
- A clear description of the issue.
- Steps to reproduce the vulnerability.
- The affected versions or components.
- The potential impact and severity.
Alternatively, email the same details to dicethedev@gmail.com.
- Do not publicly disclose the vulnerability until it has been confirmed and fixed.
- Include proof-of-concept code when possible to help us verify the issue.
- State whether you believe the vulnerability is being actively exploited.
- Do not access, modify, or destroy data that does not belong to you.
- We will acknowledge and investigate vulnerability reports diligently.
- We may contact you for additional information while reproducing the issue.
- After a fix is available, we will coordinate disclosure and publish relevant details when appropriate.
MerkleForge does not currently offer a formal bug bounty program. We value responsible security research and, with your consent, may recognize your contribution in the changelog or release notes.
MerkleForge is academic research software and has not been independently security-audited. It is not currently intended for production systems, financial applications, or other security-critical environments.
Thank you for helping improve the security of MerkleForge.