This is a full guide for reporting and behaving with security vulnerabilities in this project.

If you find any security vulnerability in this project, you can send a full report to security@dezh.tech. We will review your report in around 1 week or more and respond to you. We may consider paying you a bounty reward using only Bitcoin (On-chain, Lightning, Cashu), depending on the vulnerability security level. By publishing any public writeup or report before our response, you will not receive any bounty reward. After our response to the vulnerability report, you/we can publish a public writeup or report about the vulnerability.