If you discover a vulnerability, do not open a public issue.
Please report directly to maintainers via private channel and include:
- impact summary
- affected components/files
- steps to reproduce
- suggested mitigation
We will acknowledge reports and provide a remediation timeline.
This policy covers on-chain program logic, treasury execution paths, and governance workflow tooling in this repository.