Issue registry

Security findings and protocol issues are tracked publicly in the GitHub organization. We follow responsible disclosure practices.

Reporting a vulnerability

  1. Go to the relevant repository on github.com/aicw-protocol
  2. Navigate to Security ??Advisories ??New draft advisory
  3. Describe the vulnerability with reproduction steps
  4. We aim to acknowledge within 48 hours and provide a fix timeline within 7 days

Scope

RepositoryScope
aicwSolana program (smart contract) ??highest priority
aicw_appWallet issuance frontend
aicw_mcpMCP server for agent operations
aicw_homeDocumentation site

Do not report via public issues

If the vulnerability could allow theft of funds or unauthorized signing, use the private advisory mechanism ??not public GitHub issues.