If you discover a security vulnerability in the AICW smart contract or related code, please do not open a public GitHub issue.
Instead, report it privately via email:
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge receipt within 48 hours and aim to provide an initial assessment within 7 days. Critical vulnerabilities affecting deployed contracts will be prioritized.
This policy covers:
- Solana program code (programs/aicw/)
- Test suite (tests/)
- Any deployed instance of the AICW program
Contributors who report valid vulnerabilities will be credited in the project (unless they prefer to remain anonymous).