ACP-SEC

ACP-SEC Security Disclosure

Responsible disclosure policy · Updated June 2026

We take security seriously. If you discover a vulnerability in ACP-SEC, please report it responsibly. We commit to acknowledging your report within 48 hours.

Report a Vulnerability

✉️
Security Contact
🐛
GitHub Issues (non-sensitive)

Response Times

Initial acknowledgment
48 hours
Triage & assessment
7 days
Fix timeline (critical)
14 days
Public disclosure
After fix

Scope

In scope for responsible disclosure:

Out of scope:

Bug Bounty

No formal bug bounty program at this time. We are transparent about this. We cannot offer monetary rewards currently, but we will publicly acknowledge all valid reports and credit researchers by name (or pseudonym) on this page.

Responsible Disclosure Guidelines

Acknowledged Researchers

We gratefully acknowledge the following security researchers who have contributed to making ACP-SEC more secure:

ResearcherFindingDate
No reports yet — be the first!

Our Commitments

ACP-SEC is a testnet project. The SentryAgent contract is deployed on Base Sepolia (testnet) only. There are no mainnet funds at risk in the current deployment.