If you believe you have found a security vulnerability, please do NOT open a public GitHub issue.
Instead, please report it privately by emailing security@limitbreak.com.
Please include as much of the following information as possible to help us triage your report:
- Description of the vulnerability and its potential impact
- Step-by-step instructions to reproduce the issue
- Affected version(s) or commit hash(es)
- Any proof-of-concept code or transaction simulations
- Your suggested severity assessment (Critical / High / Medium / Low)
The following should be reported privately using the process above:
- Smart contract vulnerabilities (reentrancy, access control bypasses, integer overflows, etc.)
- Issues that could lead to loss or theft of funds or tokens
- Privilege escalation or unauthorized state changes
- Cryptographic weaknesses or signature malleability issues
- Denial-of-service vulnerabilities in on-chain logic
The following are appropriate for public GitHub issues:
- General bugs that do not have security implications
- Feature requests and enhancement suggestions
- Documentation errors or improvements
- Questions about usage or integration
If you are unsure whether something is a security issue, err on the side of caution and report it privately.
- We will acknowledge receipt of your report in a timely manner.
- We will keep you informed of progress toward a fix and coordinate disclosure timing with you.
- We request that you allow us a reasonable period to address the issue before any public disclosure.
For security concerns, contact security@limitbreak.com.