Warning: Do not disclose vulnerabilities publicly or by executing them against a production network. If you do, you will not only be putting users at risk, but you will forfeit your right to a reward. Always follow the appropriate reporting pathways as described below.

• Do not disclose the vulnerability publicly, for example by filing a public issue.
• Do not test the vulnerability on a publicly available network, either the testnet or the mainnet.

If you believe that you have found a significant bug or vulnerability, please report it to ai@zircuit.com.

Alongside this policy, maintainers also reserve the right to:

• Bypass this policy and publish details on a shorter timeline.
• Directly notify a subset of downstream users prior to making a public announcement.