The Telcoin Network team takes security vulnerabilities seriously. If you believe you have found a security vulnerability, please report it to us privately.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them via email to:

• security{{[@]}}telcoin<.>org

Please include:

• A description of the vulnerability
• Steps to reproduce
• Potential impact
• Technical details and proof of concept if possible

1. We will acknowledge receipt of your report within 48 hours
2. We will provide an initial assessment of the report within 5 business days
3. We will keep you informed of our progress as we investigate and resolve the issue
4. Once resolved, we will notify you and discuss public disclosure timing

• Already reported vulnerabilities
• Vulnerabilities in dependencies (report to the dependency maintainer)
• Theoretical vulnerabilities without proof of concept
• Social engineering attacks

• All vulnerability reports and associated communications are considered confidential.
• We kindly ask that you not publicly disclose any details related to the vulnerability without our express written permission.
• We aim to fix critical vulnerabilities as quickly as possible.
• If you wish to receive credit for a valid vulnerability report, let us know, and we can discuss private recognition or other acknowledgments.
• We may provide pre-disclosure to key partners and node operators to ensure network stability.

There are no supported versions at this time. The target release for supported versions is Q3 2025.

Security fixes are released as promptly as possible. Telcoin Network is still under heavy development and considered unstable.

Coming soon. If you have something to share and want to inquire about the status of our bug bounty program, please email security{{[@]}}telcoin<.>org

We thank all security researchers who responsibly disclose vulnerabilities. Their support is critical to keeping our protocol safe for the community.