CryptoMathAudit is committed to responsible vulnerability disclosure. We follow these principles:
- Private report first — All findings are reported to the affected protocol through its official bug bounty program or security contact
- 90-day disclosure window — We allow 90 days for the protocol to patch before any public disclosure
- No exploitation — We never exploit vulnerabilities for personal gain
- Proof of Concept — We provide a detailed PoC to help teams understand and fix the issue
- Coordinated publication — Research is published only after the vulnerability is patched
The tools in this repository are designed for defensive security research:
- Testing your own wallet implementations
- Auditing protocols before deployment
- Educational purposes in cryptographic security
If you find a security issue in our tools or research:
- Use GitHub's private vulnerability reporting feature
- Or email: [to be configured]
- Do not open a public issue for security vulnerabilities
All research is conducted within the bounds of applicable law. We participate only in authorized bug bounty programs and test only on local/testnet environments.