Hi DFINITY team,
I am a security researcher. I have identified a CRITICAL logic vulnerability in one of your core official repositories (related to smart contract management/multisig access).
I am trying to responsibly disclose the full report and the executable Rust Proof of Concept according to your Security Policy. However, your official email (securitybugs@dfinity.org) is broken and immediately bounces my emails with the following Jira error:
“Your request to icv@dfinity.atlassian.net could not be created. If you would still like to get help, please contact the team directly.”
I have tried multiple times from a standard Gmail account without any attachments, and the Jira Service Management desk still rejects it.
Could a member of the DFINITY Security Team please send me a DM here, or provide a direct, working email address where I can securely send the vulnerability report?
Thank you.