Mintlayer runs a responsible disclosure program for security issues, as such all security issues should be reported to enrico@mintlayer.org. When reporting, please encrypt your report using Enrico's GPG key, which can be found here.

If you disclose a valid security issue, you may be eligible for a bounty paid in ML, see the details here.

It's best to err on the side of caution, so if you find something you think is security related but not eligible for the bounty or something you're not 100% sure about then let us know on the above email address anyway as we treat each report on a report by report basis so you may still be paid a bounty.

Security issues may not be publicly announced until Mintlayer agrees.