If you discover a security vulnerability in FlipCoin protocol contracts or SDK, please report it responsibly.
Do NOT open a public GitHub issue.
Instead, email: security@flipcoin.fun
We will acknowledge your report within 48 hours and aim to provide a fix or mitigation plan within 7 days.
- Smart contracts in
contracts/v2/ - TypeScript SDK in
packages/sdk/ - Deployment scripts in
script/
We are working on a formal bug bounty program. In the meantime, responsible disclosures will be acknowledged and may be rewarded at our discretion.
The v2 contracts have been audited (automated review by Claude Opus 4.6, February 2026). 18 findings identified and fixed. See docs/SECURITY_AUDIT_CONTRACTS.md for the full report.