Block.one does not monitor or maintain public implementations of the EOSIO protocol and therefore, any security vulnerability on a public chain should be submitted to that respective chain’s vulnerability team. To qualify for Block.one’s EOSIO Bug Bounty, all reports and security issues must be found on the core EOSIO protocol.