While this repo is purely for demonstration purposes and should not be used in production, we still take security seriously for the sake of accuracy.
If you believe to have found a security issue that can cause biasability, denial of service, or compromise of funds in the contract, please send us an email to security@drand.love. You can also file a public issue on the Github tracker. We'll make sure to get back to you ASAP, work towards verifying the issue, mitigating it and providing an update for our users.
To help us serving the drand ecosystem, we appreciate that your reports are as precise as possible, ideally containing a way to reproduce the vulnerability.