Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Please report suspected security issues privately to the maintainers before public disclosure.

Include:

impact summary,
affected commands/flows,
reproduction steps,
any mitigation ideas you already validated.

Do not include mnemonic phrases, private keys, or wallet passwords in reports.

Scope

This project is security-sensitive wallet software.

Areas of special concern:

key and mnemonic handling,
password input and storage behavior,
PSBT signing and broadcast flows,
profile locking and persistence integrity.

There aren’t any published security advisories