Dear Flow Team,
I have discovered a potential vulnerability on flow.com. As per your bug bounty guidelines, I initially submitted the report to security@onflow.org.
Shortly after, I received an automated response instructing me to submit the report via HackenProof. However, upon checking HackenProof, I noticed that the Flow bug bounty program is scheduled to start in 212 days. There is another program currently open, but it appears to be focused specifically on smart contracts, which does not relate to my finding.
Could you please advise me on the correct procedure for submitting this report? I want to ensure the responsible disclosure of this issue through the appropriate channel.
Looking forward to your guidance.