Email security@aipowergrid.io (or open a private GitHub security advisory). Please do not open public issues for security reports.
- We acknowledge within 72 hours and aim to triage within 7 days.
- Coordinated disclosure: give us a reasonable window to ship a fix before public disclosure. We credit reporters who follow this process.
In scope: this repository's code, smart contracts, and protocol handling. Out of scope: third-party dependencies (report upstream), social engineering, volumetric DoS.
On-chain code on Base is verified and public. Findings affecting funds, access control, or settlement are highest priority.