Report of Potential Vulnerability #91
Description
Dear Pico team,
I hope you’re doing well.
We’re the security team at Riema Labs. During a review of the Pico codebase, we identified several potential security issues in the zkVM implementation. We didn’t find a published security policy or a dedicated security contact, so we’re opening this issue as an initial point of contact rather than posting technical details publicly.
If you can share the preferred channel for coordinated disclosure (email/security@, private repo, etc.), we can provide a full report with PoCs, help validate impact, and assist in verifying fixes. We’re also happy to align on a disclosure timeline once you’ve had a chance to triage.
Best regards,
Security Team @ Riema Labs