Description
Summary
Hey team,
I'm a security researcher and I recently audited a codebase which is a fork of ethermint, ~2 months ago to be precise, and I found a bug that turns out to be part of the forked code from ethermint. I checked, and the evmos codebase (and the os one, respectively) have the same bug as well. I reported it back then to security@evmos.org, which appears to be the correct place to report such things according to the official docs https://docs.evmos.org/protocol/bugs. I've not received any response yet, so I'm trying to find the right place where I can discuss the vulnerability, and this seems to be the last resort. I'd rather not discuss it in public, but this seemed like the only place where I can raise some sort of awareness and actually get in contact with someone from the dev/sec team.
You can find me in your mail inbox on security@evmos.org or on Twitter at https://x.com/flack00n, whichever is convenient for you.
I'll be expecting your response!
Best