Donut AI Security Disclosure Evidence

沟通过程与厂商回应证据Communication & Vendor-Response Evidence

会议、书面通知、厂商回应和奖励处理口径相关脱敏证据集中放在本页。本页不展示与漏洞处理无关的私人对话、第三方个人信息或与披露流程无关的内部聊天内容。

This page collects redacted evidence on the meetings, written notices, vendor responses, and reward-handling stance. It does not show private conversations unrelated to vulnerability handling, third-party personal information, or internal chat unrelated to the disclosure process.

沟通过程概要Communication Overview

阶段Stage时间Date内容Details
启动沟通Initiate contact2026 年 3 月 11 日前Before 2026-03-11告知 Donut 发现可能影响用户资金安全的 Critical 级漏洞,要求与管理层和技术负责人线上沟通Notified Donut of Critical-level vulnerabilities that could affect user fund safety, and requested an online discussion with management and the tech lead
线上会议Online meeting2026-03-11演示 Donut Browser 资金安全攻击链,说明漏洞等级、攻击路径、修复窗口、独立披露安排Demonstrated the Donut Browser fund-safety attack chain; explained severity, attack paths, the remediation window, and the independent-disclosure arrangement
材料提交Materials submitted2026-03-11会后向 Donut 提交脱敏报告、PPT 和 PoC 演示视频After the meeting, submitted to Donut a redacted report, slides, and a PoC video
复测追踪Retest tracking2026-03-16复测确认 Donut Browser 核心问题仍未修复,并继续补充漏洞清单Retest confirmed the core Donut Browser issues were still unfixed, and continued to expand the vulnerability list
处理口径Handling stance2026-03-18在反复追问后,Donut 明确表示 bounty 就是常规社区活动奖励($100)After repeated questioning, Donut stated plainly that the bounty was just a routine community-event reward ($100)
书面披露Written disclosure2026-03-18在群内书面同步:自 2026-03-11 会议起进入负责任披露流程,计划于 2026-06-09 公开披露Synced in writing in the group chat: the responsible-disclosure process began at the 2026-03-11 meeting, with public disclosure planned for 2026-06-09
CVE 申请CVE filing2026-03-21提交 9 个 CVE 申请Filed 9 CVE requests
D0 阶段研究D0-phase research2026-05独立完成 D0 阶段研究Independently completed the D0-phase research

1. 2026 年 3 月 11 日线上会议1. Online Meeting, 2026-03-11

文字记录:会议重点Transcript: meeting highlights
  1. Donut Browser 资金安全攻击链的实际可达能力,特别是 1-click 静默交易和跨用户钱包归属校验问题。The real-world reachability of the Donut Browser fund-safety attack chain, especially the 1-click silent transaction and the cross-user wallet-ownership-check issues.
  2. 该问题不是单点参数绕过,而是交易链路、钱包归属校验和信任模型层面的系统性风险。These are not single-parameter bypasses but systemic risks at the transaction-path, wallet-ownership-check, and trust-model levels.
  3. 披露处理方式:先给出沟通与修复窗口,再根据修复情况协调披露;窗口期结束后保留独立公开披露权利。Disclosure handling: first provide communication and remediation windows, then coordinate disclosure based on remediation progress; after the window closes, the right to independent public disclosure is reserved.
  4. 后续材料提交、复测和书面通知安排。Arrangements for subsequent material submission, retesting, and written notices.

2. 2026 年 3 月 18 日书面披露通知2. Written Disclosure Notice, 2026-03-18

文字记录:披露窗口说明Transcript: disclosure-window details
  1. 披露窗口起算点:2026-03-11 会议报告 + 材料提交。Window start: the 2026-03-11 meeting report + material submission.
  2. 窗口长度:90 天,对齐主流负责任披露实践(CERT/CC、ISO/IEC 29147 与若干主流厂商 / 平台的协调披露策略)。Window length: 90 days, aligned with mainstream responsible-disclosure practice (CERT/CC, ISO/IEC 29147, and several major vendors’ / platforms’ coordinated-disclosure policies).
  3. 公开披露日期:2026 年 6 月 9 日。Public-disclosure date: 2026-06-09.
  4. 公开披露内容:脱敏后的事实证据、攻击链描述、漏洞总览、CVE 申请进展、沟通过程,以及对用户的安全建议。Disclosure content: redacted factual evidence, attack-chain descriptions, the vulnerability overview, CVE-filing progress, the communication process, and security advice for users.
  5. 公开披露不包含:可直接复用的攻击脚本、私钥、未脱敏的内部凭据或可能伤害第三方用户的信息。Disclosure excludes: directly reusable attack scripts, private keys, un-redacted internal credentials, or information that could harm third-party users.

3. 厂商回应与处理口径3. Vendor Response & Handling

文字记录:处理口径Transcript: handling stance
  1. Donut 已通过线上会议、脱敏报告、PPT 和 PoC 演示视频充分知晓 Critical 级资金安全攻击链。Through the online meetings, redacted report, slides, and PoC video, Donut was fully aware of the Critical-level fund-safety attack chain.
  2. 在 Donut 已知情的前提下,沟通过程仍将该事件纳入普通社区奖励路径,没有针对系统级资金安全问题建立专项评估、修复对接或正式漏洞赏金流程。Despite this awareness, the communications still placed the matter on the ordinary community-reward track, with no dedicated assessment, remediation coordination, or formal bug-bounty process for the system-level fund-safety issues.
  3. 该处理方式是本次披露记录为安全治理观察的事实之一。This handling is one of the facts recorded here as a security-governance observation.

对于一个接入钱包、交易、签名和 AI Agent 执行环境的产品,如何对待 Critical 级漏洞报告,本身就是安全治理能力的一部分。

For a product wired into wallets, trading, signing, and an AI-Agent execution environment, how it treats a Critical-level vulnerability report is itself part of its security-governance capability.

4. AI Agent 旁证4. AI-Agent Corroboration

文字记录:旁证说明Transcript: corroboration notes
  1. 此节内容不能替代会议记录、书面通知和厂商表态本身。This section does not replace the meeting records, written notices, or the vendor’s own statements.
  2. 它的价值在于:即使从 Donut 自身 AI Agent 的抽象描述视角,也能反映出 Critical 级资金攻击链应被严肃对待,而不是被降级为社区活动处理。Its value: even from the abstract perspective of Donut’s own AI Agent, a Critical-level fund attack chain should be taken seriously rather than downgraded to community-event handling.

与主披露的关系Relationship to the Main Disclosure