DO NOT CREATE A GITHUB ISSUE to report a security problem.

Instead please use this Report a Vulnerability link. Provide a helpful title, detailed description of the vulnerability and an exploit proof-of-concept. Speculative submissions without proof-of-concept will be closed with no further consideration.

If you haven't done so already, please enable two-factor auth in your GitHub account.

Expect a response as fast as possible in the advisory, typically within 72 hours.

If you do not receive a response in the advisory, send an email to hardhatchad@gmail.com with the full URL of the advisory you have created. DO NOT include attachments or provide detail sufficient for exploitation regarding the security issue in this email. Only provide such details in the advisory.

If you do not receive a response from hardhatchad@gmail.com please followup with the team directly. You can do this in the #general channel of the ORE discord server, by pinging the Team role in the channel and referencing the fact that you submitted a security problem.