Disclose a security vulnerability

If you think you’ve found a critical vulnerability in Navcoin’s protocol, please don’t hesitate to contact us on disclosure@navcoin.org using our GPG key to encrypt your message with. We're committed to coordinating with you and any other affected parties to ensure that any disclosure is handled discreetly and in a timely manner.

As part of your disclosure, it would be ideal to include; a docker image with python tests showing the vulnerability, detailed notes about the vulnerability and the affected parts of the code, suggested mitigation strategies, and your GBP public key for us to securely reply to you.

If you’re unable to communicate using the above approach, please reach out any of the admins on our Discord channel and we'll setup a secure private channel with you.