Flow was built from the ground up with security in mind. Our code, infrastructure, and development methodology helps us keep our users safe.

We really appreciate the community's help. Responsible disclosure of vulnerabilities helps to maintain the security and privacy of everyone.

If you care about making a difference, please follow the guidelines below.

We ask that all researchers adhere to these guidelines here.

Additionally, please include the following in the security report:

• the name and version of the AI, scanner, etc. that detected the issue (this can help us handle reports generated by buggy tools more efficiently)

• list of affected architectures (Atree is only officially supported on 64-bit)

• version of Flow Emulator used to check the reported issue (issue might be prevented by Flow components that set or enforce limits on Atree)

Before submitting a security report, please review your source code included in the report. For example, please make sure the reported panic isn't caused by an overlooked mistake in the report's test code.