Use GitHub Private Vulnerability Reporting for this repository whenever available. This creates a private, durable record for triage and remediation.
Do not open a public GitHub issue, pull request, forum post, or social post for security vulnerabilities.
If GitHub Private Vulnerability Reporting is unavailable, use the private Signal contact listed in the Frontier Compute organization security policy and include enough detail for maintainers to reproduce the issue.
- zap1 reference implementation and attestation engine
- Merkle tree and anchoring logic
- API endpoints at pay.frontiercompute.io
- Verification surfaces, including the verify page, proof bundles, and verify_proof.py
We aim to acknowledge reports within 48 hours and provide a fix or mitigation within 7 days for critical issues.
We follow coordinated disclosure. Reporters will be credited unless they prefer anonymity.