forgejo-admin/nuts
0
0
Fork 0
Code Issues 35 Pull requests 32 Projects Releases Packages Wiki Activity Actions

How to report protocol vulnerabilities? #276

New issue
Open
opened 2025-07-25 16:26:34 +00:00 by conduition · 3 comments
conduition commented 2025-07-25 16:26:34 +00:00 (Migrated from github.com)
Copy link

See title.

I may have found a protocol level vulnerability in cashu with high severity, affecting most existing wallets. I found no responsible disclosure policy documents in this repo, nor in nutshell or cashu.me, so i'm not sure what to do with this information.

Where would Cashu devs congregate to patch security vulnerabilities?

See title. I _may_ have found a protocol level vulnerability in cashu with high severity, affecting most existing wallets. I found no responsible disclosure policy documents in this repo, nor in nutshell or cashu.me, so i'm not sure what to do with this information. Where would Cashu devs congregate to patch security vulnerabilities?
👀 1
callebtc commented 2025-07-26 00:21:28 +00:00 (Migrated from github.com)
Copy link

Hi, I'll find a way to contact you.

Hi, I'll find a way to contact you.
gandlafbtc commented 2025-07-26 04:55:42 +00:00 (Migrated from github.com)
Copy link

@callebtc IMO it would be good to add a disclosure policy in the readme, or somewhere in the nuts repo

@callebtc IMO it would be good to add a disclosure policy in the readme, or somewhere in the nuts repo
👍 2
conduition commented 2025-07-27 03:59:55 +00:00 (Migrated from github.com)
Copy link

I just shared my findings with @callebtc over Matrix DM

I just shared my findings with @callebtc over Matrix DM
❤️ 1
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
gh-pages
nut-17-simplify-subscription-kind
get-quotes-by-pubkeys
nostr-mint-backups
fix/nut01-full-response
gudnuf/abstract-nut-17
thesimplekid-patch-2
nut26-onchain
gudnuf/nut20-specify-pk-format
gandlafbtc-update-ns-readme
thesimplekid-patch-1
gudnuf-nut10-in-nut18
nut-18-p2pk-and-optional-target
nut-04-05-add-amount-unit-request
gh-pages-builder
nut-18-wording
requests
No results found.
Labels
Clear labels   
breaking change
This issue/PR entails breaking changes

  
bug
Something isn't working

  
documentation
Improvements or additions to documentation

  
enhancement
New feature or request

  
needs discussion
Needs more discussion

  
needs implementation
Needs a reference implementation

  
new nut
A new protocol NUT

  
ready
Ready to merge

  
wallet-only
A change that affects only wallets

No labels
breaking change
bug
documentation
enhancement
needs discussion
needs implementation
new nut
ready
wallet-only
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo-admin/nuts#276
No description provided.