DSM is an early beta repository that includes novel cryptographic and wallet code. Please treat security reports seriously and avoid posting vulnerabilities publicly until they have been reviewed.

We currently review security issues for:

• The main branch
• The latest tagged beta or release candidate

Older snapshots may not receive fixes.

Please email team@irrefutablelabs.org with:

• A clear description of the issue
• Impact and affected components
• Reproduction steps or a proof of concept
• Any suggested mitigation or patch, if you have one

Do not open a public GitHub issue for vulnerabilities that could put users, contributors, or infrastructure at risk.

• We will acknowledge receipt as soon as practical.
• We may ask follow-up questions or request a private reproduction.
• Once a fix is ready, we will coordinate disclosure in a changelog entry or release note when appropriate.

Security reports are especially helpful for:

• Wallet key handling and signing flows
• JNI / Android boundary handling
• Protobuf parsing and transport validation
• Storage node trust boundaries and authorization
• Supply, accounting, or state transition invariants