Security: NoTraceSol/stealth-core

SECURITY.md

Security Policy

If you discover a vulnerability, do NOT open a public issue. Email contact is available via @NoTraceSol on Twitter, or send a DM via the notracesol.xyz support channel.

Scope

  • Cryptographic correctness of stealth derivation (ECDH math, scalar arithmetic)
  • Signature scheme (signWithScalar) producing non-standard signatures
  • Memo parsing rejecting malicious input

Out of scope

  • Underlying noble-curves library — report directly to paulmillr/noble-curves
  • Wallet-level UX issues — those live in notrace-app

Disclosure

We'll acknowledge reports within 72 hours. Fixes are coordinated before public disclosure.

There aren't any published security advisories