Security: neocore-labs/neo-cli

docs/SECURITY.md

Security Policy

Reporting Vulnerabilities

Found a vulnerability? Email [email protected].

Known Dependency Vulnerabilities

Accepted Risks (Solana SDK Dependency)

The following vulnerabilities exist in dependencies controlled by solana-sdk 2.x:

  • curve25519-dalek 3.2.0: Timing variability (RUSTSEC-2024-0344)

    • Mitigation: Will be fixed when migrating to Solana SDK 3.x
    • Impact: Low - server-side only, no client key operations
  • ed25519-dalek 1.0.1: Double public key signing oracle (RUSTSEC-2022-0093)

    • Mitigation: Will be fixed when migrating to Solana SDK 3.x
    • Impact: Low - signing is controlled, no arbitrary message signing

Migration Plan

Solana SDK 3.x migration scheduled for Q2 2026 after mainnet launch.

Security Audits

  • CodeRabbit automated review (60+ issues fixed)
  • Manual security review (in progress)
  • Community bug bounty (coming soon)
  • Licensed audit (coming soon)

There aren’t any published security advisories