# elizaOS Discord - 2026-04-18

## Summary

### Security Vulnerability Reporting

Kullai discovered security vulnerabilities in the ElizaOS open-source application and initially inquired about a bug bounty program. After being informed no bounty program exists, kullai reconsidered as an ethical researcher and privately disclosed the security issues to odilitime, who acknowledged receipt. Stan0473 initially suggested creating a public pull request or GitHub issue, but kullai correctly noted that security issues should not be disclosed publicly.

### Scam and Phishing Attempts

Multiple community members reported suspicious activity, including a fake Solana airdrop claiming to be from Odilitime. Spankyxn confirmed this as a scam. Additionally, mssundine was mentioned in an airdrop notification that stan0473 characterized as a scam. These incidents highlight ongoing phishing attempts targeting the ElizaOS community.

### Project Communication and Priorities

Valleybeyond7991 raised concerns about the ElizaOS Twitter account being inactive for almost 3 weeks. Satsbased redirected attention to Milady development as the current project priority, suggesting social media activity has taken a backseat to active development work.

## FAQ

**Q: Does ElizaOS have a bug bounty program?**
A: No, ElizaOS does not currently have a bug bounty program, as confirmed by odilitime.

**Q: How should security vulnerabilities be reported?**
A: Security vulnerabilities should be reported privately via direct message to project maintainers like odilitime, not through public GitHub issues or pull requests.

**Q: Is the Solana airdrop claiming to be from Odilitime legitimate?**
A: No, this is a confirmed scam according to spankyxn.

**Q: Why has the ElizaOS Twitter account been inactive?**
A: The team is currently prioritizing Milady development over social media activity.

## Help Interactions

**Helper:** stan0473  
**Helpee:** kullai  
**Resolution:** Initially suggested creating a public GitHub issue or pull request for bugs, but kullai clarified these were security issues requiring private disclosure.

**Helper:** odilitime  
**Helpee:** kullai  
**Resolution:** Agreed to receive security vulnerability details via direct message and confirmed receipt of the information.

**Helper:** spankyxn  
**Helpee:** dep14  
**Resolution:** Confirmed that the Solana airdrop claiming to be from Odilitime was a scam.

**Helper:** stan0473  
**Helpee:** mssundine  
**Resolution:** Identified an airdrop notification as a scam.

**Helper:** satsbased  
**Helpee:** valleybeyond7991  
**Resolution:** Explained that Milady development is the current priority, addressing concerns about Twitter inactivity.

## Action Items

### Technical

- Review and address security vulnerabilities reported by kullai (mentioned by kullai, assigned to odilitime)
- Investigate and mitigate ongoing phishing and scam attempts targeting community members (mentioned by dep14, mssundine, spankyxn, stan0473)

### Documentation

- Consider establishing formal security vulnerability disclosure guidelines for the open-source project (mentioned by kullai, stan0473)
- Document official communication channels to help community members identify legitimate project communications versus scams (mentioned by dep14, spankyxn)