Skip to content

Pico zkVM Proof-Soundness Vulnerability — Request for Coordinated Disclosure Contact #103

Description

@liyue-cs

Hi Pico/Brevis team,

We found multiple security issues in Pico zkVM.

Some of them may affect proof soundness, so we do not want to disclose technical details in a public GitHub issue.

We could not find a SECURITY.md, a GitHub private vulnerability reporting channel, or a dedicated security contact for coordinated disclosure.

Could you please share the preferred private disclosure channel, such as a security email address or GitHub private vulnerability reporting?

We can privately provide technical reports, minimal reproducers, affected commits, expected vs. actual behavior, impact analysis, and suggested fixes.

Thanks.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions