If you think you have found a security vulnerability, please submit a report to our HackerOne program for assets in scope or send an email to security@etherspot.io. This address can be used for all of Etherspot's open source (including but not limited to SDK, BUIDler, React Etherspot Kit).
Etherspot will send you a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
Important: We ask you to not disclose the vulnerability before it have been fixed and announced, unless you received a response from the Etherspot security team that you can do so.