Security Policy

Reporting a Vulnerability

Do not open public GitHub issues for vulnerabilities.

We aim to acknowledge reports within 48 hours and provide a remediation timeline within 5 business days.

Nullsec S1-ZK performs best-effort static analysis. It does not prove circuit soundness and does not replace expert ZK audits. See LIMITATIONS.md.