Thanks for improving the security of Wrappr. We appreciate your efforts. Following these responsible disclosure guidelines will make sure your contribution is acknowledged.
Please report security vulnerabilities to <>. Please avoid opening a public GitHub issue or posting on social media or Discord.
The Wrappr team will respond by email with the next steps within 2 working days. The team will keep you informed of the remediation process and may ask for additional guidance or information.
Please include the following in your report:
- Your name/affiliation (if any)
- A description of the technical details of the vulnerability, including how to reproduce it.
- An explanation of who can exploit this vulnerability, including possible attack scenarios.
- Whether this vulnerability is public or known to third parties.
The core team asks security researchers to keep communications around vulnerabilities private and confidential until a patch is ready.
Additionally, we request:
- Allow a reasonable amount of time to correct and address the issue.
- Avoid exploiting the vulnerability.
- Demonstrate good faith by not disrupting Stargaze's network, data, or services.
Once a report is received, the following process will be followed:
- The Stargaze core team will work to verify the issue.
- A patch will be developed in a private repository.
- The community and validators will be notified that a security update is coming, giving ample time to upgrade and apply the patch.
- After the community has been notified, and after verifying that the patch works, the team will pay out any relevant bug bounties to submitters.
- A post-mortem will be published a week after the vulnerability is discovered.
Every effort will be made to handle disclosures in a timely manner. It's very important to follow the above process for vulnerabilities to be handled quickly and effectively.