shh is privacy infrastructure that moves funds. Treat every component as security-critical.

• Trusted setup is development-grade. The Groth16 zkeys shipped/generated by pnpm circuits:setup come from a single-contributor contribution. They must not secure real funds. Production requires a multi-party Powers-of-Tau ceremony with a published transcript (workflow Phase 8).
• Unaudited. Circuits and contracts have not had an external audit. Do not deploy to mainnet before one.
• L3 boot not included. The OP Stack devnet is scaffolded but not yet booted; on-chain bridge wiring against a live OP portal is pending.

Email the maintainers privately with a description, affected component, and a reproduction. Please do not open public issues for exploitable findings. We aim to acknowledge within 72 hours. Coordinated disclosure is appreciated; we will credit reporters who wish to be named.

In scope: packages/circuits, packages/contracts, packages/sdk, the shielded bridge, and the wallet backend in apps/web. See docs/threat-model.md for the threat model and mitigations.

Out of scope (for now): third-party OP Stack components, Blockscout, and dependency CVEs that do not affect shh's own code paths.