IMPORTANT: If you find a security issue in the upstream version of the cosmos-sdk, you should refer to the upstream SECURITY.md.
This repository and it's changes from the upstream wasmd are not currently included in the Wormhole bug bounty program, but may be added in the future.
In the mean-time, if you find a security issue, we ask that you reach out to our team via Discord.
We engage 3rd party firms to conduct independent security audits of Wormhole. At any given time, we likely have multiple audit streams in progress.
As these 3rd party audits are completed and issues are sufficiently addressed, we make those audit reports public.