Hi Pico/Brevis team,
We found multiple security issues in Pico zkVM.
Some of them may affect proof soundness, so we do not want to disclose technical details in a public GitHub issue.
We could not find a SECURITY.md, a GitHub private vulnerability reporting channel, or a dedicated security contact for coordinated disclosure.
Could you please share the preferred private disclosure channel, such as a security email address or GitHub private vulnerability reporting?
We can privately provide technical reports, minimal reproducers, affected commits, expected vs. actual behavior, impact analysis, and suggested fixes.
Thanks.
Hi Pico/Brevis team,
We found multiple security issues in Pico zkVM.
Some of them may affect proof soundness, so we do not want to disclose technical details in a public GitHub issue.
We could not find a SECURITY.md, a GitHub private vulnerability reporting channel, or a dedicated security contact for coordinated disclosure.
Could you please share the preferred private disclosure channel, such as a security email address or GitHub private vulnerability reporting?
We can privately provide technical reports, minimal reproducers, affected commits, expected vs. actual behavior, impact analysis, and suggested fixes.
Thanks.