Reporting Channel
Do not open public issues for undisclosed vulnerabilities.
- Primary contact: dev@neus.network
- Secondary contact: info@neus.network
- Include affected component, impact, reproduction details, and mitigation suggestions.
Disclosure Expectations
- We acknowledge valid reports and triage based on severity.
- We aim to respond to valid reports within 48 hours.
- Please provide reasonable remediation time before public disclosure.
- Avoid actions that could harm users, infrastructure, or third parties.
Scope Examples
- API authentication and authorization flaws
- Signature verification bypasses
- Proof visibility/privacy escalation issues
- Replay/rate-limit bypasses
- Smart-contract and verifier integrity issues
Out-of-Scope Examples
- Social engineering
- Denial-of-service traffic without exploit details
- Issues requiring physical access to user devices
- Vulnerabilities in third-party services outside NEUS control