We take the security of our users seriously. If you believe you have discovered a security vulnerability or have any security concerns regarding this project, please follow our responsible disclosure guidelines outlined below.
To report a security vulnerability or concern, you can use one of the following methods:
- Github: https://github.com/cashubtc/eNuts/security/advisories/new
- Email: [email protected]
- Telegram: https://t.me/eNutsWallet
- Telegram: https://t.me/CashuBTC
Feel free to request a private discussion with the maintainers for a more personalized conversation. When reporting, please provide as much detail as possible, including a clear description of the vulnerability and any potential impact.
We will acknowledge your report immediatly and provide an estimated timeline for resolution. We will work closely with you to understand the issue and verify its validity.
Once the vulnerability is confirmed and resolved, we will coordinate with you to determine an appropriate disclosure timeline, which may include a coordinated public release of information.
We highly value the contributions of security researchers who responsibly disclose security vulnerabilities to us. While we aspire to have a bug bounty program in place to reward these efforts, we regret to inform you that, at the moment, we do not have sufficient funds allocated for this purpose.
We are committed to the idea of establishing a bug bounty program as soon as our financial situation allows. Our aim is to fairly compensate security researchers and any collaborator for their valuable contributions to our projects.
We appreciate your understanding and patience in this matter. In the meantime, please continue to report security vulnerabilities using the methods outlined above.
We kindly request that you refrain from disclosing any security-related information publicly until we have had a chance to review and address the reported issue. We are committed to acting in accordance with all relevant laws and regulations to protect the security of our users.
Thank you for helping us make eNuts more secure.