cb-mpc-go is beta software. It mainly exists to demonstrate and expose the public cb-mpc C API through an idiomatic Go package so that MPC protocols can be used more easily from Go.
If you believe you have found a security issue in this repository, please email cb-mpc@coinbase.com with:
- a description of the issue
- affected versions or commits
- reproduction steps or proof-of-concept material, if available
- whether the issue is in the Go API, CGO bridge, examples, or build/test tooling
Please do not report suspected vulnerabilities through public GitHub issues or pull requests.
Reports that are specific to cb-mpc-go are welcome, but they are not eligible for a bounty through Coinbase's HackerOne program. See BUG_BOUNTY.md for scope details.
If the issue affects the underlying cb-mpc library rather than this Go wrapper, please follow cb-mpc/SECURITY.md for disclosure guidance. Any HackerOne eligibility is determined by the upstream cb-mpc policy and scope, including cb-mpc/BUG_BOUNTY.md.
Please avoid public disclosure until the issue has been reviewed and, where appropriate, remediated.