dynamic-ssz has different stability levels for its components:
- Reflection-based dynamic marshaling/unmarshaling/HTR: Production ready and battle-tested in various toolings
- Code generator (
dynssz-gen): Feature complete but in beta stage - hasn't been extensively tested in production environments
| Version | Supported |
|---|---|
| v1.x.x | ✅ |
| < v1.0 | ❌ |
I take the security of the dynamic-ssz library seriously. If you believe you have found a security vulnerability in dynamic-ssz, please report it to me in a responsible manner.
Please do not report security vulnerabilities through public GitHub issues.
For critical security issues, please contact me privately:
- Matrix:
@pk910:matrix.org - Twitter:
@_pk910_ - Discord:
pk910(find me at EthStaker or ETH R&D communities)
I appreciate your effort to responsibly disclose your findings.
Your report should include:
- The conditions under which the vulnerability occurs.
- Detailed steps to reproduce the vulnerability.
- Any relevant logs, error messages, or outputs.
- If possible, a proof-of-concept or exploit code.
Upon receiving a report of a vulnerability:
- I will assess the vulnerability for its veracity and potential impact.
- I may contact you for further information.
- I will work on addressing the issue and keep you updated on the progress.
I aim to collaborate with the security community to identify and resolve vulnerabilities responsibly. I will keep the community informed of security issues that may arise during the development process.
Thank you for helping ensure the security and reliability of dynamic-ssz.