| Component | Status | Auditor |
|---|---|---|
| btc-runtime | Audited | Verichains |
| Version | Status |
|---|---|
| 1.11.x | Supported |
| < 1.10 | Not supported |
DO NOT open a public GitHub issue for security vulnerabilities.
Report vulnerabilities through GitHub Security Advisories.
Include:
- Description of the vulnerability
- Affected version(s)
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
| Action | Timeframe |
|---|---|
| Initial response | 48 hours |
| Vulnerability assessment | 7 days |
| Patch development | 14-30 days |
| Public disclosure | After patch |
- Contract standards (OP_NET, OP20, OP721, OP20S)
- Storage system (pointers, maps, arrays)
- Cryptographic operations (Schnorr, ML-DSA, SHA256)
- SafeMath operations
- Reentrancy guards
- Access control mechanisms
- Event system
- Cross-contract calls
- Third-party dependencies (report to respective maintainers)
- User contract logic errors
- Issues in development/test environments only
- Security Issues: GitHub Security Advisories
- General Issues: GitHub Issues
- Website: opnet.org