The purpose of NEO vulnerability bounty program is to be proactive about blockchain security by providing a channel for security researchers to report potential security vulnerabilities identified related to our underlying infrastructure.
First, it is recommended to read the following page https://neo.org/dev/bounty, if you find a security vulnerability in NEO, please report it as indicated on that page.
Please withhold public disclosure until the security team has addressed the vulnerability and it has been solved.
We appreciate your efforts to responsibly disclose your findings, and we will make every effort to acknowledge your contributions.
The security team will acknowledge your email within 5 business days. You will receive a more detailed response within 10 business days.
When in doubt, please do send us a report.